i have just use pf_ring to capture packet. when i use pfcount, i found that it has no ether header and th ip header is wrong.
pfcount -v output as following: 21:56:24.516749 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x4883][caplen=128][len=1514] 21:56:24.516749 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x4883][caplen=128][len=1514] 21:56:24.517087 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x9D88][caplen=60][len=60] 21:56:24.517087 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x9D88][caplen=60][len=60] 21:56:24.517311 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x4883][caplen=128][len=1514] 21:56:24.517314 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x5B88][caplen=60][len=60] 21:56:24.517311 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x4883][caplen=128][len=1514] 21:56:24.517314 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x5B88][caplen=60][len=60] 21:56:24.517790 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x5B88][caplen=60][len=60] 21:56:24.517790 [0E:00:22:00:00:00 -> 00:08:FF:FF:06:00] [eth_type=0x5B88][caplen=60][len=60] 21:56:24.524293 [00:00:00:00:00:00 -> 26:00:FF:FF:00:00] [eth_type=0x0000][caplen=60][len=60] the eth_type 0x5b88 should be the ip src address: 10.10.136.91. the pf_ring version is as following when i cat /proc/net/pf_ring/info: Version : 3.2.1 Bucket length : 128 bytes Ring slots : 4096 Sample rate : 1 [1=no sampling] Capture TX : No [RX only] Total rings : 0 the kernel is 2.6.16.1 thanks. -- 铁哥
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
