Jon Schipp

Results: 39 comments by Jon Schipp

Awesome, I think this would allow a lot of flexibility for all kinds of different logs. It would be similar to writing a decoder in OSSEC but with far more...

Hey Champ, sorry for not responding. I kept forgetting to. Perfect, I like it and it's better than my original suggestion of counting fields. I agree, the user-defined fields...

Sender and receiver systems are the same and directly connected.
$ cat /etc/debian_version
7.1
I installed a new Linux kernel.
$ uname -a
Linux recv 3.10.7 #1 SMP Wed Aug 21...

I did a git pull and built and installed the latest from github.com/borkmann/netsniff-ng. I did 3 runs with tcpdump, it captured the full 15000000 twice. On the third run it...

Just to be clear, in the post above, I was not able to reproduce the issue because of a new problem where the latest netsniff-ng is not able to capture...

For the offloading options it's common among NSM practitioners to disable these options because of the issue where packets are reassembled by the NIC or NIC driver and then passed...

I'm out of town this weekend, I'll test that and the smaller ring buffer suggestion on Monday. I'll also be bringing home two Dell PE servers from work on Monday...

I made the change to ring_rx.c and also tried reducing the ring buffer to 512KiB and 64MiB with the ring_rx.c change and without. Same thing, around 2 million packets drop...

The issue where the drop count from /proc/net/dev is incrementing while netsniff-ng is running is also reproducible on a Dell PowerEdge 1950 with the latest mainline kernel 3.11.0. Machine has...

Those drops seen in /proc/net/dev are the exact same number as rx_fw_discards reported via ethtool. And they only appeared for netsniff-ng and gulp on packet sizes of 64, 128, and...