Re: [Ntop-misc] vmap error in PF_RING

Fri, 05 Feb 2010 16:49:20 -0800 

Paul,
The snaplen is controlled by the particular sniffing app you are using. Like "tcpdump -i eth0 -s1514" sniffs eth0 at a snap length of 1514. 


About memory, I look at /proc/meminfo, at the VmallocTotal and 
VmallocUsed fields to see how space I have left for more or bigger 
capture rings.



You probably are running an i386 platform as the x86_64 platforms have 
more room for ring stuff to begin with.



On my i386 sniffing platforms, I have had good luck with adding an 
"uppermem" and "vmalloc" component to my grub.conf, like this


title CentOS (2.6.18-164.11.1.el5PAE)
        root (hd0,0)
        uppermem 384000

        kernel /vmlinuz-2.6.18-164.11.1.el5PAE ro 
root=/dev/VolGroup00/LogVolRoot vmalloc=512M

        initrd /initrd-2.6.18-164.11.1.el5PAE.img

I've used this with CentOS 5.4 platforms.


Feel free to improve on my suggestions, anyone.  I'm eager to learn and 
improve.


Kevin


On 2/5/2010 3:11 PM, Warren, Paul wrote:

Paul
you have set the snaplen to 8k that multiplied by the number of slots
(4096) is too large. Please reduce the snaplen or the number of slots

Luca

       

Thanks, Luca.  Is this a compile-time option?  How do I determine the
maximum
amount of memory I have to work with?  Are there any recommendations
out
there for setting the number of slots and the size of the slots?

- Paul

     

Does anyone know how to change the size of the snaplen?  It appears that you
can no longer insmod pfring with the bucket_len parm.

- Paul
-----------------------------------------
All electronic messages are intended exclusively for the individual
or entity to which it is addressed.  These communications may
contain information that is proprietary, privileged, or
confidential or otherwise legally exempt from disclosure.  If you
are not the intended recipient of these e-mails, you are not
authorized to read print retain copy or disseminate these messages
in whole or in part or any attachments included.  If you have
received these messages in error, please notify the sender
immediately by e-mail and delete these messages, any attachments,
and all copies from your system without reading the content.
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

   


_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc






















					Reply via email to