[Ntop-misc] Hello! New here, and trying to get PF_RING+DNA going for Snort.

Fri, 04 Apr 2014 12:18:31 -0700 

I've compiled the drivers and everything appeared to be going good.
However, Snort is no longer seeing traffic, and tcpdump shows no traffic if I 
try tcpdump -i dna0

But I know there is traffic:

dna0
          RX packets:3679364 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2023495833 (1.8 GiB)  TX bytes:0 (0.0 b)

dna0
          RX packets:3701482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2040067400 (1.8 GiB)  TX bytes:0 (0.0 b)

dna1
          RX packets:61999326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45521836981 (42.3 GiB)  TX bytes:0 (0.0 b)

dna1
          RX packets:62450299 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45869728250 (42.7 GiB)  TX bytes:0 (0.0 b)

Settings are the same for both interfaces:
Settings for dna0:
        Supported ports: [ FIBRE ]
        Supported link modes:   10000baseT/Full
        Supported pause frame use: No
        Supports auto-negotiation: No
        Advertised link modes:  10000baseT/Full
        Advertised pause frame use: No
        Advertised auto-negotiation: No
        Speed: 10000Mb/s
        Duplex: Full
        Port: FIBRE
        PHYAD: 0
        Transceiver: external
        Auto-negotiation: off
        Supports Wake-on: d
        Wake-on: d
        Current message level: 0x00000007 (7)
                               drv probe link
        Link detected: yes

Lsmod yields the following:
[root@PHX01-NIDS snort]# lsmod
Module                  Size  Used by
pf_ring               407075  0
ixgbe                 270444  0


libpcap and tcpdump were recompiled after the installation of pf_ring.
I don't know what other information I can give.
I only get output from tpcdump if I specify -i any


Any help would be appreciated.



--
Alicia Smith
Senior Security Engineer, FireHost
(US: +00) 1 877 262 3473
(UK: +44) 0800 500 3167
[email protected]<mailto:[email protected]>
SECURE CLOUD HOSTING
North America | Europe | Asia Pacific
ComputerWorld: 100 Best Places to Work in IT See Current 
Opportunities<http://www.firehost.com/careers>


_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Reply via email to