[Bro] Problem: Bro listening on two ethernet interfaces

Tim Brooks tbrooks at ncsa.uiuc.edu
Tue May 17 12:11:14 PDT 2005


Christoph,

I'll let my co-worker, Aashish Sharma, reply to the specific issue of
bro dropping packets.  However, there are two corrections we made to
correct for dropped packets and errors that we were receiving on our
1GB fiber interfaces after first installing bro and turning it on.

First, we set the MTU from 1500 to 9000.
Second, we set LowLatency=On (i.e. modprobe sk98lin LowLatency=On)

That second fix is specific to the fiber cards we are using.  After
these two changes, we are no longer receiving errors on the interfaces.

Aashish Sharma will follow up with bro specific packet loss answer.

Thanks,

Tim

Christoph Goeldi wrote:

> Hi Tim
>
> Zitat von Tim Brooks <tbrooks at ncsa.uiuc.edu>:
>
>>
>> Ours works fine on linux with the interfaces set in etc/bro.cfg like:
>>
>> BRO_CAPTURE_INTERFACE="eth2 eth3"
>
>
> Are you realy sure, that Bro doesn't drop the most of the captured
> packets?
>
> I like to know what Linux version (distro), what Bro version and what
> interfaces (100Mbit or 1Gbit / manufacturer) do you use?
>
> Thank you for your time
> Christoph


-- 
Tim Brooks
Security Engineer

National Center for Supercomputing Applications
605 East Springfield Avenue   Champaign, IL 61820





More information about the Bro mailing list