please read this www.ntop.org/blog/?p=56 this might help you. Regards, Yuri
On 04/28/2010 05:06 PM, Tom??s Heredia wrote: > Hi! > Kinda found something: if using transparent mode 0 in the pf_ring > module, both directions are being captured. In this mode, I have a HUGE > packet loss rate. When setting transparent mode to 1, packet loss > reaches 0, but I can't capture TX traffic. Is there any thing I'm missing? > > Thanks!! > > El 28/04/2010 04:21 a.m., fly_2u escribi??: >> Just a reference: >> >> In the PF_RING source code, there is one line: >> *pfring_toggle_filtering_policy*(pd, 0); /**Default to drop* */ >> Maybe you should make some changes for this sentence. >> ??2010-04-28 05:57:28??"Tom??s Heredia" <[email protected]> ?????? >> >Hi all! >> > >> >I'm trying to capture TX packets with PF_RING. Indeed, Snort 2.8.4.1, >> >PF_RING 4.2.0 and igb driver 2.0.6 >> >Snort doesn't get TX packets... nor does pfcount or tcpdump (pf_ring >> >aware libpcap). >> >Here's /proc/net/pf_ring/info: >> >------------------------------------------------ >> >PF_RING Version : 4.2.0 ($Revision: $) >> >Ring slots : 32768 >> >Slot version : 10 >> >Capture TX : Yes [RX+TX] >> >IP Defragment : No >> >Transparent mode : Yes >> >Total rings : 1 >> >Total plugins : 0 >> >--------------------------------- >> > >> >And /proc/net/pf_ring/xxxx-eth0.xx: >> >------------------------------------- >> >Bound Device : eth0 >> >Slot Version : 10 [4.2.0] >> >Active : 1 >> >Sampling Rate : 1 >> >Appl. Name : <unknown> >> >IP Defragment : No >> >BPF Filtering : Enabled >> ># Filt. Rules : 0 >> >Cluster Id : 0 >> >Channel Id : 255 >> >Tot Slots : 32770 >> >Bucket Len : 1514 >> >Slot Len : 1600 [bucket+header] >> >Tot Memory : 52432896 >> >Tot Packets : 4110275 >> >Tot Pkt Lost : 0 >> >Tot Insert : 4110275 >> >Tot Read : 4110275 >> >Tot Fwd Ok : 0 >> >Tot Fwd Errors : 0 >> >Num Free Slots : 32770 >> >-------------------------------------- >> > >> >Any clues? >> > >> >Thanks! >> > >> > >> >_______________________________________________ >> >Ntop-misc mailing list >> >[email protected] >> >http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> ------------------------------------------------------------------------ >> ??????????????????????????200?????????????? <http://ym.163.com/?from=od1> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Yuri Francalacci E-Mail: [email protected] Internet: http://www.ntop.org/ *** Esse Quam Videri -- To Be, Rather Than To Seem *** -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
