Going to add a bit more information to this. I did purchase the licensing for my Ethernet card. It's from Silicom - a 10Gb ixgbe Intel-based card (82599) using the ixgbe-3.18.7-DNA/ driver.

Here is my /usr/local/include dir:

    ls -al /usr/local/include
    total 84
    drwxr-xr-x.  3 root root  4096 Apr  4 18:23 .
    drwxr-xr-x. 13 root root  4096 Mar  3  2012 ..
    drwxr-xr-x   2 root root  4096 Apr  4 18:23 pcap
    -rw-r--r--   1 root root  2393 Apr  4 18:23 pcap-bpf.h
    -rw-r--r--   1 root root  2320 Apr  4 18:23 pcap.h
    -rw-r--r--   1 root root  2125 Apr  4 18:23 pcap-namedb.h
    -rw-r--r--   1 root root 54448 Apr  4 18:21 pfring.h
    -rw-r--r--   1 root root  3891 Apr  4 18:22 pfring_i82599.c

Running ./pfcount -i dna0 yields zero packets RX and zero dropped.

    Absolute Stats: [0 pkts rcvd][0 pkts filtered][0 pkts dropped]
    Total Pkts=0/Dropped=0.0 %
    0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec]
    =========================
    Actual Stats: 0 pkts [1'000.20 ms][0.00 pps/0.00 Gbps]

All of the items such as libpcap, tcpdump, pfring_dna, and the DNA_daq have been installed.

From: [email protected] [mailto:[email protected]] On Behalf Of Alicia Smith
Sent: Friday, April 04, 2014 2:18 PM
To: [email protected]
Subject: [Ntop-misc]

Hello! New here, and trying to get PF_RING+DNA going for Snort. I've compiled the drivers and everything appeared to be going good.

However, Snort is no longer seeing traffic, and tcpdump shows no traffic if I try

    tcpdump -i dna0

But I know there is traffic:

    dna0  RX packets:3679364 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2023495833 (1.8 GiB)  TX bytes:0 (0.0 b)

    dna0  RX packets:3701482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2040067400 (1.8 GiB)  TX bytes:0 (0.0 b)

    dna1  RX packets:61999326 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45521836981 (42.3 GiB)  TX bytes:0 (0.0 b)

    dna1  RX packets:62450299 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45869728250 (42.7 GiB)  TX bytes:0 (0.0 b)

Settings are the same for both interfaces:

    Settings for dna0:
        Supported ports: [ FIBRE ]
        Supported link modes:   10000baseT/Full
        Supported pause frame use: No
        Supports auto-negotiation: No
        Advertised link modes:  10000baseT/Full
        Advertised pause frame use: No
        Advertised auto-negotiation: No
        Speed: 10000Mb/s
        Duplex: Full
        Port: FIBRE
        PHYAD: 0
        Transceiver: external
        Auto-negotiation: off
        Supports Wake-on: d
        Wake-on: d
        Current message level: 0x00000007 (7)
                               drv probe link
        Link detected: yes

Lsmod yields the following:

    [root@PHX01-NIDS snort]# lsmod
    Module                  Size  Used by
    pf_ring               407075  0
    ixgbe                 270444  0

libpcap and tcpdump were recompiled after the installation of pf_ring.

I don't know what other information I can give. I only get output from tcpdump if I specify -i any

Any help would be appreciated.

--
Alicia Smith
Senior Security Engineer, FireHost
(US: +00) 1 877 262 3473
(UK: +44) 0800 500 3167
[email protected]<mailto:[email protected]>
