Bug #3702

open

windows: when compiled against latest npcap, traffic not seen unless bpf is used

Added by Peter Manev over 4 years ago. Updated 6 months ago.

Status: New
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Using 5.0.3, compiling against the latest SDK (1.05)/npcap(9991)/libpcap goes fine. Upon start, though, Suricata does not inspect traffic unless given a bpf.

12/5/2020 -- 12:06:13 - <Info> - Using 1 live device(s).
12/5/2020 -- 12:06:13 - <Info> - using interface \Device\NPF_{2515734D-0886-4727-BB28-117E7283422A}
12/5/2020 -- 12:06:14 - <Info> - running in 'auto' checksum mode. Detection of interface state will require 1000ULL packets
12/5/2020 -- 12:06:14 - <Info> - Found an MTU of 1500 for '\Device\NPF_{2515734D-0886-4727-BB28-117E7283422A}'
12/5/2020 -- 12:06:14 - <Info> - Set snaplen to 1524 for '\Device\NPF_{2515734D-0886-4727-BB28-117E7283422A}'
12/5/2020 -- 12:06:14 - <Perf> - NIC offloading on \Device\NPF_{2515734D-0886-4727-BB28-117E7283422A}: Checksum IPv4 Rx: 0 Tx: 0 IPv6 Rx: 0 Tx: 0 LSOv1 IPv4: 0 LSOv2 IPv4: 0 IPv6: 0
12/5/2020 -- 12:06:14 - <Info> - RunModeIdsPcapAutoFp initialised
12/5/2020 -- 12:06:14 - <Config> - using 1 flow manager threads
12/5/2020 -- 12:06:14 - <Config> - using 1 flow recycler threads
12/5/2020 -- 12:06:14 - <Notice> - all 3 packet processing threads, 4 management threads initialized, engine started.
12/5/2020 -- 12:23:08 - <Notice> - Signal Received.  Stopping engine.
12/5/2020 -- 12:23:08 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
12/5/2020 -- 12:23:08 - <Info> - time elapsed 1014.413s
12/5/2020 -- 12:23:08 - <Perf> - 0 flows processed
12/5/2020 -- 12:23:08 - <Info> - (RX#01-\Dev..22A) Packets 0, bytes 0
12/5/2020 -- 12:23:08 - <Info> - (RX#01-\Dev..22A) Pcap Total:52721 Recv:52721 Drop:0 (0.0%).
12/5/2020 -- 12:23:08 - <Perf> - AutoFP - Total flow handler queues - 2
12/5/2020 -- 12:23:08 - <Info> - Alerts: 0
12/5/2020 -- 12:23:08 - <Perf> - ippair memory usage: 382144 bytes, maximum: 16777216
12/5/2020 -- 12:23:08 - <Perf> - host memory usage: 366144 bytes, maximum: 33554432
12/5/2020 -- 12:23:08 - <Info> - cleaning up signature grouping structure... complete
12/5/2020 -- 12:23:08 - <Notice> - Stats for '\Device\NPF_{2515734D-0886-4727-BB28-117E7283422A}':  pkts: 0, drop: 0 (-1.#J%), invalid chksum: 0
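
The symptom in the log above is a capture thread reporting `Packets 0` while its `Pcap` counters show 52721 received. The following check is an added example, not part of the original report or of Suricata: it flags that mismatch in shutdown output so a sensor that is not inspecting traffic is noticed. It assumes the `Packets` line is the thread's own processed count and the `Pcap` line carries libpcap's counters; `capture_summary`, `blind_threads` and the healthy sample are hypothetical names and constructed data.

```python
import re

# Shutdown lines copied from the log in this report (Suricata 5.0.3, pcap runmode).
SAMPLE_LOG = r"""
12/5/2020 -- 12:23:08 - <Info> - (RX#01-\Dev..22A) Packets 0, bytes 0
12/5/2020 -- 12:23:08 - <Info> - (RX#01-\Dev..22A) Pcap Total:52721 Recv:52721 Drop:0 (0.0%).
12/5/2020 -- 12:23:08 - <Info> - Alerts: 0
"""

# Constructed sample of a healthy thread, for comparison (not from the report).
HEALTHY_LOG = r"""
1/1/2021 -- 10:00:00 - <Info> - (RX#01-eth0) Packets 900, bytes 123456
1/1/2021 -- 10:00:00 - <Info> - (RX#01-eth0) Pcap Total:1000 Recv:900 Drop:100 (10.0%).
"""

THREAD = r"\((?P<thread>[^)]+)\)\s+"
ENGINE_RE = re.compile(THREAD + r"Packets (?P<pkts>\d+), bytes (?P<bytes>\d+)")
PCAP_RE = re.compile(
    THREAD + r"Pcap Total:(?P<total>\d+) Recv:(?P<recv>\d+) Drop:(?P<drop>\d+)"
)


def capture_summary(log_text):
    """Return {thread: {pkts, bytes, total, recv, drop}} parsed from shutdown lines."""
    threads = {}
    for line in log_text.splitlines():
        for regex in (ENGINE_RE, PCAP_RE):
            m = regex.search(line)
            if m:
                fields = m.groupdict()
                entry = threads.setdefault(fields.pop("thread"), {})
                entry.update({k: int(v) for k, v in fields.items()})
    return threads


def blind_threads(log_text):
    """Threads where the pcap counters show received packets but the thread processed none."""
    return sorted(
        name
        for name, c in capture_summary(log_text).items()
        if c.get("recv", 0) > 0 and c.get("pkts") == 0
    )


if __name__ == "__main__":
    for name in blind_threads(SAMPLE_LOG):
        print(f"{name}: pcap counters show received packets, thread processed 0")
```
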
Actions #2

Updated by Peter Manev over 4 years ago

Think it may be worth redoing the 5.0.3 MSI if the next npcap release comes before our next one.

Actions #3

Updated by Philippe Antoine 6 months ago

  • Target version set to TBD
Actions #4

Updated by Philippe Antoine 6 months ago

  • Assignee set to OISF Dev