[Bro] My last issue I hope
Richards, James L - DOA
James.Richards at wisconsin.gov
Thu Jun 20 08:31:55 PDT 2013
It certainly appears to be working and up in promic mode...
eth4 Link encap:Ethernet HWaddr 00:1b:21:33:55:20
inet6 addr: fe80::21b:21ff:fe33:5520/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:474826801 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:330011101828 (330.0 GB) TX bytes:468 (468.0 B)
Thanks all, I will continue to dig...
James Richards
Office of Security
Wisconsin Department of Administration
608.224.3880
-----Original Message-----
From: Justin Azoff [mailto:JAzoff at albany.edu]
Sent: Thursday, June 20, 2013 10:05 AM
To: Richards, James L - DOA
Cc: bro at bro.org
Subject: Re: [Bro] My last issue I hope
On Thu, Jun 20, 2013 at 09:50:12AM -0500, Richards, James L - DOA wrote:
> So everything is humming along with no errors, but also no events.
>
> In looking at pf_ring, specifically /proc/net/pf_ring, I am seeing
> that it does not appear to be capturing packets…
The simplest cause could be that you have an issue with the tap/span port that is supposed to be feeding you traffic. Is your sensor definitely receiving traffic? Are the ethernet links up?
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list