I was and now that I'm not, tcpdump works. Obvious when you know. Thank you again. :)
On 10 December 2015 at 14:04, Alfredo Cardigliano <[email protected]> wrote:

> Are you running snort at the same time perhaps? Please note that running
> two applications on the same interface is not allowed with ZC (it is still
> possible to use zbalance_ipc to fanout the traffic).
> You said you are using the tcpdump part of pf_ring right?
>
> Alfredo
>
> On 10 Dec 2015, at 14:59, James <[email protected]> wrote:
>
> Hi Alfredo,
>
> For the list's benefit, I have (with your help) solved my problem by
> increasing $HUGEPAGES to 2048 in the load_driver script. I now have 16
> instances of Snort running and alerts are being generated. I am surprised
> by how few alerts are occurring though and wanted to verify what traffic
> was being seen. I thought tcpdump would be a good way to do this, so
> compiled the pf_ring version, but I can't get that to display any traffic
> on either of my two interfaces. I've tried:
> "tcpdump -i eth4" (or 5) which functions but shows no traffic
> "tcpdump -i zc:eth4"
> "tcpdump -i zc:eth4@0" both of which fail, telling me there is no such
> device
>
> Sorry for asking so many questions, but any ideas please?
>
> Thanks
> James
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
