You need to add -lnuma to fix the problem Luca
Sent from my iPhone (sorry for typos) > On 20/ago/2014, at 15:37, Ivan Petrov <[email protected]> wrote: > > I've verified and it is indeed in promisc mode. > > dna0 Link encap:Ethernet HWaddr 00:1E:4F:48:03:2A > inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0 > inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link > UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Interrupt:21 Memory:fe9e0000-fea00000 > > So i think the problem is with the configuration of Snort/Daq. Have you seen > this error: > > sudo /usr/sbin/snort --daq-dir=/usr/local/lib/daq --daq-list > > /usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so: > undefined symbol: numa_parse_nodestring > Available DAQ modules: > pcap(v3): readback live multi unpriv > afpacket(v5): live inline multi unpriv > ipfw(v3): live inline multi unpriv > dump(v2): readback live inline multi unpriv > > For some reason libpfring is not in the daq list. > > > On Wednesday, August 20, 2014 10:17 AM, Luca Deri <[email protected]> wrote: > > > Ivan > can you please check if during capture the interface is in promiscuous mode > (you can check it with ifconfig). All the rest looks good to me. > > Cheers Luca > >> On 19 Aug 2014, at 13:13, Ivan Petrov <[email protected]> wrote: >> >> I've just noticed that there has been a change in rx's : >> >> sudo ethtool -S dna0 >> NIC statistics: >> rx_packets: 1120 >> tx_packets: 0 >> rx_bytes: 91790 >> tx_bytes: 0 >> rx_broadcast: 635 >> tx_broadcast: 0 >> rx_multicast: 485 >> tx_multicast: 0 >> rx_errors: 0 >> tx_errors: 0 >> tx_dropped: 0 >> multicast: 485 >> collisions: 0 >> rx_length_errors: 0 >> rx_over_errors: 0 >> rx_crc_errors: 0 >> rx_frame_errors: 0 >> rx_no_buffer_count: 0 >> rx_missed_errors: 0 >> tx_aborted_errors: 0 >> tx_carrier_errors: 0 >> tx_fifo_errors: 0 >> tx_heartbeat_errors: 0 >> tx_window_errors: 0 >> tx_abort_late_coll: 0 >> tx_deferred_ok: 0 >> tx_single_coll_ok: 0 >> tx_multi_coll_ok: 0 >> tx_timeout_count: 0 >> tx_restart_queue: 0 >> rx_long_length_errors: 0 >> rx_short_length_errors: 0 >> rx_align_errors: 0 >> tx_tcp_seg_good: 0 >> tx_tcp_seg_failed: 0 >> rx_flow_control_xon: 0 >> rx_flow_control_xoff: 0 >> tx_flow_control_xon: 0 >> tx_flow_control_xoff: 0 >> rx_csum_offload_good: 0 >> rx_csum_offload_errors: 0 >> rx_header_split: 0 >> alloc_rx_buff_failed: 0 >> tx_smbus: 0 >> rx_smbus: 0 >> dropped_smbus: 0 >> rx_dma_failed: 0 >> tx_dma_failed: 0 >> rx_hwtstamp_cleared: 0 >> uncorr_ecc_errors: 0 >> corr_ecc_errors: 0 >> >> >> On Tuesday, August 19, 2014 12:47 PM, Ivan Petrov <[email protected]> >> wrote: >> >> >> Is the last line okay? >> >> ifconfig dna0 >> dna0 Link encap:Ethernet HWaddr 00:1E:4F:48:03:2A >> inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0 >> inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) >> Interrupt:21 Memory:fe9e0000-fea00000 >> >> >> On Tuesday, August 19, 2014 7:58 AM, Luca Deri <[email protected]> wrote: >> >> >> Ivan >> Can you please send the output of ethtool -S dnaX ? >> >> Thanks Luca >> >> Sent from my iPhone (sorry for typos) >> >>> On 19/ago/2014, at 07:11, Ivan Petrov <[email protected]> wrote: >>> >>> Hi Luca, >>> >>> I've loaded indeed the driver via the script. Also don't get any errors. >>> >>> Regards, >>> Hristo >>> >>> >>> On Tuesday, August 19, 2014 6:50 AM, Luca Deri <[email protected]> wrote: >>> >>> >>> Hi >>> Did you load perhaps the driver with multiple queues? Please use the load >>> script we provide in the src/ directory of each driver >>> >>> Regards Luca >>> >>> Sent from my iPhone (sorry for typos) >>> >>>> On 18/ago/2014, at 13:44, Ivan Petrov <[email protected]> wrote: >>>> >>>> Hi, >>>> >>>> I've a problem with my dna interface. >>>> >>>> I've downloaded pf_ring from the svn and i've loaded the driver, >>>> e1000e-2.5.4-DNA without any errors. But the only packets that tcpdump is >>>> able to capture is arp request to my router... >>>> >>>> Could you please advise? >>>> >>>> Here is some info: >>>> >>>> #uname -a >>>> Linux 2.6.32-431.23.3.el6.i686 #1 SMP Thu Jul 31 14:37:53 UTC 2014 i686 >>>> i686 i386 GNU/Linux >>>> Centos 6.5 >>>> >>>> #sudo ethtool --show-ntuple dna0 >>>> Cannot get RX rings: Operation not supported >>>> rxclass: Cannot get RX class rule count: Operation not supported >>>> RX classification rule retrieval failed >>>> >>>> #ethtool -i dna0 >>>> driver: e1000e >>>> version: 2.5.4-DNA >>>> firmware-version: 1.1-1 >>>> bus-info: 0000:00:19.0 >>>> supports-statistics: yes >>>> supports-test: yes >>>> supports-eeprom-access: yes >>>> supports-register-dump: yes >>>> supports-priv-flags: no >>>> >>>> #ethtool -g dna0 >>>> Ring parameters for dna0: >>>> Pre-set maximums: >>>> RX: 4096 >>>> RX Mini: 0 >>>> RX Jumbo: 0 >>>> TX: 4096 >>>> Current hardware settings: >>>> RX: 256 >>>> RX Mini: 0 >>>> RX Jumbo: 0 >>>> TX: 256 >>>> >>>> Kind regards, >>>> >>>> Ivan >>>> >>>> >>>> >>>> _______________________________________________ >>>> Ntop-misc mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
