But when I test libnids-1.21 with PF_RING libpcap-0.9.4, things begin to break. First of all, there are a lot of syslog messages complaining about "invalid tcp headers"; and secondly, no TCP traffic data has been captured.
Some of the code in libnids-1.21 tries to validate the packet headers returned by libpcap and discard all the invalid packets. However, I have another machine running Debian kernel 2.6.8, libpcap-0.8.1, libnids-1.19 and a much older version of PF_RING, and everything works fine.
I have tried to debug libnids + libpcap by using gdb, which is very tedious and ineffective for tracing libpcap in real time. Is there a better way to gather more information from libpcap at runtime? And has anybody else come across problems similar to mine, or does anybody have any insight into the relevant issues?
Myron
_______________________________________________
Ntop-misc mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
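An added example, not part of the original post and not libnids or libpcap code: a small C checker that reports which IPv4/TCP header sanity test a captured frame fails first, the general kind of validation the post describes being applied to libpcap output. The function name, verdict names and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdicts for one captured frame (hypothetical names, not libnids's). */
enum verdict { V_OK, V_SHORT_IP, V_NOT_IPV4, V_BAD_IHL, V_BAD_TOTLEN,
               V_NOT_TCP, V_SHORT_TCP, V_BAD_DOFF };

/* pkt/caplen: the bytes the capture library delivered; l2len: link-layer
 * header size (14 for Ethernet). Returns the first check that fails. */
enum verdict check_frame(const uint8_t *pkt, size_t caplen, size_t l2len)
{
    if (caplen < l2len + 20) return V_SHORT_IP;      /* no room for IPv4 header */
    const uint8_t *ip = pkt + l2len;
    size_t avail = caplen - l2len;                   /* bytes after link layer */
    if ((ip[0] >> 4) != 4) return V_NOT_IPV4;        /* version nibble */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;         /* IP header length */
    if (ihl < 20 || ihl > avail) return V_BAD_IHL;
    size_t totlen = ((size_t)ip[2] << 8) | ip[3];    /* IP total length */
    if (totlen < ihl || totlen > avail) return V_BAD_TOTLEN;
    if (ip[9] != 6) return V_NOT_TCP;                /* protocol 6 = TCP */
    if (totlen - ihl < 20) return V_SHORT_TCP;       /* no room for TCP header */
    size_t doff = (size_t)(ip[ihl + 12] >> 4) * 4;   /* TCP data offset */
    if (doff < 20 || doff > totlen - ihl) return V_BAD_DOFF;
    return V_OK;
}

/* Constructed sample: Ethernet + IPv4 (20 bytes) + TCP (20 bytes), no payload. */
static const uint8_t sample[54] = {
    /* Ethernet */ 0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00,
    /* IPv4 */ 0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    /* TCP */ 0x30,0x39,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0
};

int main(void)
{
    /* Same frame under three conditions: intact, truncated capture length,
     * and a link-layer offset that is two bytes off. */
    printf("full frame:        %d\n", check_frame(sample, sizeof sample, 14));
    printf("caplen cut to 40:  %d\n", check_frame(sample, 40, 14));
    printf("link offset of 16: %d\n", check_frame(sample, sizeof sample, 16));
    return 0;
}
```

Called from a pcap callback with the `caplen` from the packet header, a check like this separates short captures from a misplaced link-layer offset without stepping through libpcap in gdb.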
