I've verified and it is indeed in promisc mode.

dna0      Link encap:Ethernet  HWaddr 00:1E:4F:48:03:2A  
          inet addr:192.168.0.106  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:21 Memory:fe9e0000-fea00000 

So I think the problem is with the configuration of Snort/Daq. Have you seen 
this error:

sudo /usr/sbin/snort --daq-dir=/usr/local/lib/daq --daq-list

/usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so: 
undefined symbol: numa_parse_nodestring
Available DAQ modules:
pcap(v3): readback live multi unpriv
afpacket(v5): live inline multi unpriv
ipfw(v3): live inline multi unpriv
dump(v2): readback live inline multi unpriv 

For some reason libpfring is not in the daq list.


On Wednesday, August 20, 2014 10:17 AM, Luca Deri <[email protected]> wrote:
 


Ivan
can you please check if during capture the interface is in promiscuous mode 
(you can check it with ifconfig). All the rest looks good to me.

Cheers Luca


On 19 Aug 2014, at 13:13, Ivan Petrov <[email protected]> wrote:

I've just noticed that there has been a change in rx's:
>
>
>sudo ethtool -S dna0
>NIC statistics:
>     rx_packets: 1120
>     tx_packets: 0
>     rx_bytes: 91790
>     tx_bytes: 0
>     rx_broadcast: 635
>     tx_broadcast: 0
>     rx_multicast: 485
>     tx_multicast: 0
>     rx_errors: 0
>     tx_errors: 0
>     tx_dropped: 0
>     multicast: 485
>     collisions: 0
>     rx_length_errors: 0
>     rx_over_errors: 0
>     rx_crc_errors: 0
>     rx_frame_errors: 0
>     rx_no_buffer_count: 0
>     rx_missed_errors: 0
>     tx_aborted_errors: 0
>     tx_carrier_errors: 0
>     tx_fifo_errors: 0
>     tx_heartbeat_errors: 0
>     tx_window_errors: 0
>     tx_abort_late_coll: 0
>     tx_deferred_ok: 0
>     tx_single_coll_ok: 0
>     tx_multi_coll_ok: 0
>     tx_timeout_count: 0
>     tx_restart_queue: 0
>     rx_long_length_errors: 0
>     rx_short_length_errors: 0
>     rx_align_errors: 0
>     tx_tcp_seg_good: 0
>     tx_tcp_seg_failed: 0
>     rx_flow_control_xon: 0
>     rx_flow_control_xoff: 0
>     tx_flow_control_xon: 0
>     tx_flow_control_xoff: 0
>     rx_csum_offload_good: 0
>     rx_csum_offload_errors: 0
>     rx_header_split: 0
>     alloc_rx_buff_failed: 0
>     tx_smbus: 0
>     rx_smbus: 0
>     dropped_smbus: 0
>     rx_dma_failed: 0
>     tx_dma_failed: 0
>     rx_hwtstamp_cleared: 0
>     uncorr_ecc_errors: 0
>     corr_ecc_errors: 0
>
>
>
>On Tuesday, August 19, 2014 12:47 PM, Ivan Petrov <[email protected]> wrote:
> 
>
>
>Is the last line okay?
>
>
>ifconfig dna0
>dna0      Link encap:Ethernet  HWaddr 00:1E:4F:48:03:2A  
>          inet addr:192.168.0.106  Bcast:192.168.0.255  Mask:255.255.255.0
>          inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000 
>          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>          Interrupt:21 Memory:fe9e0000-fea00000 
>
>
>
>On Tuesday, August 19, 2014 7:58 AM, Luca Deri <[email protected]> wrote:
> 
>
>
>Ivan
>Can you please send the output of ethtool -S dnaX ?
>
>
>Thanks Luca
>
>Sent from my iPhone (sorry for typos)
>
>On 19/ago/2014, at 07:11, Ivan Petrov <[email protected]> wrote:
>
>
>Hi Luca,
>>
>>
>>I have indeed loaded the driver via the script. I also don't get any errors.
>>
>>
>>Regards,
>>Hristo
>>
>>
>>
>>On Tuesday, August 19, 2014 6:50 AM, Luca Deri <[email protected]> wrote:
>> 
>>
>>
>>Hi
>>Did you load perhaps the driver with multiple queues? Please use the load 
>>script we provide in the src/ directory of each driver
>>
>>
>>Regards Luca
>>
>>Sent from my iPhone (sorry for typos)
>>
>>On 18/ago/2014, at 13:44, Ivan Petrov <[email protected]> wrote:
>>
>>
>>Hi,
>>>
>>>
>>>I've a problem with my dna interface.
>>>
>>>
>>>I've downloaded pf_ring from the svn and I've loaded the driver, 
>>>e1000e-2.5.4-DNA, without any errors. But the only packets that tcpdump is 
>>>able to capture are ARP requests to my router...
>>>
>>>
>>>Could you please advise? 
>>>
>>>
>>>Here is some info:
>>>
>>>
>>>#uname -a
>>>Linux 2.6.32-431.23.3.el6.i686 #1 SMP Thu Jul 31 14:37:53 UTC 2014 i686 i686 
>>>i386 GNU/Linux
>>>Centos 6.5
>>>
>>>
>>>#sudo ethtool --show-ntuple dna0
>>>Cannot get RX rings: Operation not supported
>>>rxclass: Cannot get RX class rule count: Operation not supported
>>>RX classification rule retrieval failed
>>>
>>>
>>>#ethtool -i dna0
>>>driver: e1000e
>>>version: 2.5.4-DNA
>>>firmware-version: 1.1-1
>>>bus-info: 0000:00:19.0
>>>supports-statistics: yes
>>>supports-test: yes
>>>supports-eeprom-access: yes
>>>supports-register-dump: yes
>>>supports-priv-flags: no
>>>
>>>
>>>#ethtool -g dna0
>>>Ring parameters for dna0:
>>>Pre-set maximums:
>>>RX:4096
>>>RX Mini:0
>>>RX Jumbo:0
>>>TX:4096
>>>Current hardware settings:
>>>RX:256
>>>RX Mini:0
>>>RX Jumbo:0
>>>TX:256
>>>
>>>
>>>Kind regards,
>>>
>>>
>>>Ivan
>>>
>>>
>>>
>>>
>>>
>>>
>>_______________________________________________
>>>Ntop-misc mailing list
>>>[email protected]
>>>http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>
>>
>
>
>
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
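
The `--daq-list` output quoted in the newest message of this thread can be checked mechanically, which is useful when a sensor build silently falls back to another capture module. The following is an added example, not part of the original thread and not Snort, DAQ or PF_RING code; the function names `parse_daq_list` and `explain_missing` are hypothetical, and the sample text is constructed from the output shown in the message.

```python
import re

# Constructed sample: the --daq-list output from the message, mail wrap included.
SAMPLE = """\
/usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so: 
undefined symbol: numa_parse_nodestring
Available DAQ modules:
pcap(v3): readback live multi unpriv
afpacket(v5): live inline multi unpriv
ipfw(v3): live inline multi unpriv
dump(v2): readback live inline multi unpriv 
"""

FAIL_RE = re.compile(
    r"^(?P<path>\S+\.so): dlopen:\s+(?P<detail>.*?)"
    r"(?=^\S+\.so: dlopen:|^Available DAQ modules:|\Z)", re.M | re.S)
SYM_RE = re.compile(r"(?P<lib>\S+): undefined symbol: (?P<sym>\S+)")
MOD_RE = re.compile(r"^(?P<name>\w+)\(v(?P<ver>\d+)\):(?P<caps>.*)$", re.M)


def parse_daq_list(text):
    """Split --daq-list output into loaded modules and dlopen failures."""
    failed = {}
    for m in FAIL_RE.finditer(text):
        detail = " ".join(m.group("detail").split())  # undo line wrapping
        name = m.group("path").rsplit("/", 1)[-1][:-3]  # file name, no ".so"
        name = name[4:] if name.startswith("daq_") else name
        sym = SYM_RE.search(detail)
        lib, symbol = sym.groups() if sym else (None, None)
        failed[name] = {"detail": detail, "library": lib, "symbol": symbol}
    loaded = {m.group("name"): {"version": int(m.group("ver")),
                                "caps": m.group("caps").split()}
              for m in MOD_RE.finditer(text)}
    return {"loaded": loaded, "failed": failed}


def explain_missing(report, wanted):
    """For each wanted module: loaded, failed at dlopen, or not present."""
    out = {}
    for name in wanted:
        if name in report["loaded"]:
            out[name] = "loaded"
        elif name in report["failed"]:
            out[name] = "dlopen failed: " + report["failed"][name]["detail"]
        else:
            out[name] = "not found in --daq-dir"
    return out


print(explain_missing(parse_daq_list(SAMPLE), ["pfring", "afpacket"]))
```

`numa_parse_nodestring` is a libnuma function, so the parsed `library` and `symbol` fields point at how `libpfring.so` was linked rather than at the DAQ module file itself.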
