[Ntop-misc] PF_RING: Can't read TX packets

Tomás Heredia Tue, 27 Apr 2010 14:57:44 -0700

Hi all!

I'm trying to capture TX packets with PF_RING. Indeed, Snort 2.8.4.1,
PF_RING 4.2.0 and igb driver 2.0.6
Snort doesn't get TX packets... nor does pfcount or tcpdump (pf_ring
aware libpcap).
Here's /proc/net/pf_ring/info:
------------------------------------------------
PF_RING Version     : 4.2.0 ($Revision: $)
Ring slots          : 32768
Slot version        : 10
Capture TX          : Yes [RX+TX]
IP Defragment       : No
Transparent mode    : Yes
Total rings         : 1
Total plugins       : 0
---------------------------------


And /proc/net/pf_ring/xxxx-eth0.xx:
-------------------------------------
Bound Device   : eth0
Slot Version   : 10 [4.2.0]
Active         : 1
Sampling Rate  : 1
Appl. Name     : <unknown>
IP Defragment  : No
BPF Filtering  : Enabled
# Filt. Rules  : 0
Cluster Id     : 0
Channel Id     : 255
Tot Slots      : 32770
Bucket Len     : 1514
Slot Len       : 1600 [bucket+header]
Tot Memory     : 52432896
Tot Packets    : 4110275
Tot Pkt Lost   : 0
Tot Insert     : 4110275
Tot Read       : 4110275
Tot Fwd Ok     : 0
Tot Fwd Errors : 0
Num Free Slots : 32770
--------------------------------------

Any clues?

Thanks!


_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] PF_RING: Can't read TX packets

Reply via email to