Snort mailing list archives

Re: Centos 6.4, bnx2 in promiscuous mode does not see packets


From: Y M <snort () outlook com>
Date: Tue, 2 Jul 2013 15:53:33 +0000

We had a PowerEdge server once with BCM57xx with bnx2 drivers and we had no issues at all; we were running Ubuntu
server though. Do you have a spare NIC other than BCM that you can stick into the server and test with? Just an idea
to eliminate the NIC factor.

 
Date: Tue, 2 Jul 2013 09:43:50 +0100
From: giles () coochey net
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Centos 6.4, bnx2 in promiscuous mode does not see packets


  
    
  
  
    On 02/07/2013 09:16, Y M wrote:

      Couple of questions that may help troubleshoot the issue:

      1. What kind of traffic are you forwarding? i.e.: VLAN tagged traffic?
         If yes, then you may need to enable VLAN support in Linux if not
         enabled already: modprobe 8021q

    It isn't tagged traffic, but I tried loading the module, and found
    that I have the same issue.

      2. If you run Snort with -k none (for testing purposes), do you get
         all traffic?

    All I saw was 5 ARP packets... which is the same if I just run it
    without -k none

    

    
      3. If you disable NIC offloading functions such as tso, gro, etc.,
         does it make a difference?

    That's an idea, I used ethtool -K to disable what I could:

    [root@host ~]# ethtool -k eth1
    Features for eth1:
    rx-checksumming: off
    tx-checksumming: off
    scatter-gather: off
    tcp-segmentation-offload: off
    udp-fragmentation-offload: off
    generic-segmentation-offload: off
    generic-receive-offload: off
    large-receive-offload: off
    rx-vlan-offload: on
    tx-vlan-offload: on
    ntuple-filters: off
    receive-hashing: off

    

    Unfortunately, I still get the same issue, I was wondering whether
    there is something specific with the Broadcom bnx2, would have
    thought there would be something documented about it as it is
    supposed to be quite common in Dell PowerEdge servers...

    

    
       

      This is what I can think of for now. Maybe someone in the
      list can help more. Thanks.

      YM

         

        
          Date: Tue, 2 Jul 2013 08:52:57 +0100
          From: giles () coochey net
          To: snort-users () lists sourceforge net
          Subject: [Snort-users] Centos 6.4, bnx2 in promiscuous mode does not see packets

          

            Hi,

            I hope someone can help me, I cannot seem to get a system's
            ethernet interface to correctly work in promiscuous mode...

            I have a Centos 6.4 system with 2 bnx2 interfaces on it.

            I have set up eth1 in promiscuous mode and am sending
            traffic to it using the port mirroring configuration on a
            Nortel 3510-24T switch.
            The switch reports that it is sending a fair amount of
            traffic to the mirror port.

            However, within Centos 6.4, I only see broadcast traffic
            from the switch:

            [root@host eth1]# ifconfig eth1
            eth1      Link encap:Ethernet  HWaddr 00:19:B9:E2:30:AE
                      UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
                      RX packets:75 errors:0 dropped:0 overruns:0 frame:0
                      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                      collisions:0 txqueuelen:1000
                      RX bytes:4800 (4.6 KiB)  TX bytes:0 (0.0 b)

            

            I have tried various options configuring eth1 via
            /etc/sysconfig/networking/devices/ifcfg-eth1

            Currently it looks like this:

            DEVICE=eth1
            BOOTPROTO=static
            HWADDR=00:19:B9:E2:30:AE
            #NM_CONTROLLED=no
            ONBOOT=yes
            TYPE=Ethernet
            #UUID="e753ec9b-fc35-4460-bcd1-87f26f8d1553"
            IPV6INIT=no
            USERCTL=no
            PROMISC=yes

            I have also tried to manually put the interface in
            promiscuous mode (as I think PROMISC=yes is deprecated):

            ifconfig eth1 promisc

            It shows as being in promiscuous mode via ifconfig...

            

            The relevant parts of bootup / system messages:

            bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.2.3 (June 27, 2012)
            bnx2 0000:05:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
            bnx2 0000:05:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
            bnx2 0000:05:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
            bnx2 0000:05:00.0: eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem f8000000, IRQ 16, node addr 00:19:b9:e2:30:ac
            bnx2 0000:09:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
            bnx2 0000:09:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
            bnx2 0000:09:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
            bnx2 0000:09:00.0: eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) PCI-X 64-bit 133MHz found at mem f4000000, IRQ 16, node addr 00:19:b9:e2:30:ae
            bnx2 0000:05:00.0: irq 95 for MSI/MSI-X
            bnx2 0000:05:00.0: eth0: using MSI
            bnx2 0000:05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
            bnx2 0000:09:00.0: irq 96 for MSI/MSI-X
            bnx2 0000:09:00.0: eth1: using MSI
            bnx2 0000:09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, receive & transmit flow control ON
            bnx2 0000:05:00.0: irq 95 for MSI/MSI-X
            bnx2 0000:05:00.0: eth0: using MSI
            bnx2 0000:05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
            bnx2 0000:09:00.0: irq 96 for MSI/MSI-X
            bnx2 0000:09:00.0: eth1: using MSI
            bnx2 0000:09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, receive & transmit flow control ON

            Does anyone have any ideas?

            Thanks

            Giles

          
          

          ------------------------------------------------------------------------------
          This SF.net email is sponsored by Windows:
          Build for Windows Store.
          http://p.sf.net/sfu/windows-dev2dev
          _______________________________________________
          Snort-users mailing list
          Snort-users () lists sourceforge net
          Go to this URL to change user options or unsubscribe:
          https://lists.sourceforge.net/lists/listinfo/snort-users
          Snort-users list archive:
          http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

          Please visit http://blog.snort.org to stay current on all the latest Snort news!
      
    
    

    

    -- 
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles () coochey net
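
A check for the offload and promiscuous-mode steps discussed in this thread, as an added example that is not part of the original posts: it reads `ethtool -k` and `ifconfig` output and reports which offloads are still enabled, whether PROMISC is set, and the RX packet count. The function names are hypothetical; the sample text is the output posted in the thread.

```shell
#!/bin/sh
# Added example: audit a sniffing interface from command output.
# Function names are hypothetical; the sample text is the output posted in the thread.

# Names of offload features still "on" in `ethtool -k <iface>` output on stdin.
# Newer ethtool may append " [fixed]" after the state, so compare the first word only.
offloads_still_on() {
    awk -F': *' '/offload|checksumming|scatter-gather/ {
        gsub(/^[ \t]+/, "", $1)
        split($2, state, " ")
        if (state[1] == "on") print $1
    }'
}

# Succeeds if `ifconfig <iface>` output on stdin shows the PROMISC flag.
is_promisc() { grep -qw 'PROMISC'; }

# RX packet count from ifconfig output (handles "RX packets:75" and "RX packets 75").
rx_packets() { sed -n 's/.*RX packets[: ]\([0-9][0-9]*\).*/\1/p' | head -n 1; }

sample_ethtool() { cat <<'EOF'
Features for eth1:
rx-checksumming: off
tx-checksumming: off
scatter-gather: off
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off
receive-hashing: off
EOF
}

sample_ifconfig() { cat <<'EOF'
eth1      Link encap:Ethernet  HWaddr 00:19:B9:E2:30:AE
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:75 errors:0 dropped:0 overruns:0 frame:0
EOF
}

echo "offloads still on: $(sample_ethtool | offloads_still_on | tr '\n' ' ')"
sample_ifconfig | is_promisc && echo "PROMISC flag set"
echo "RX packets: $(sample_ifconfig | rx_packets)"
# On a live sensor: ethtool -k eth1 | offloads_still_on
```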

  

