angolo40 / mikrocata2selks

Mikrotik + Selks (Suricata) + Telegram + TZSP on Debian 12
GNU General Public License v3.0

Question to TZSPreplay37008 #18

Open foresthus opened 2 months ago

foresthus commented 2 months ago

Hi, I was wondering why the service "TZSPreplay37008@tzsp0.service" gets an error after 10 or 20 seconds. This is what I can see on the "cli".

systemctl status TZSPreplay37008@tzsp0.service
● TZSPreplay37008@tzsp0.service - TZSP Replay capture on dev tzsp0
     Loaded: loaded (/etc/systemd/system/TZSPreplay37008@.service; enabled; preset: enabled)
     Active: active (running) since Tue 2024-07-16 18:39:15 CEST; 22s ago
   Main PID: 489493 (sh)
      Tasks: 3 (limit: 9482)
     Memory: 1.9M
        CPU: 202ms
     CGroup: /system.slice/system-TZSPreplay37008.slice/TZSPreplay37008@tzsp0.service
             ├─489493 /bin/sh -c "/usr/local/bin/tzsp2pcap -p 37008 -f | /usr/local/bin/tcpreplay-edit --topspeed --mtu=\$(cat /sys/class/net/tzsp0/mtu) --mtu-trun>
             ├─489495 /usr/local/bin/tzsp2pcap -p 37008 -f
             └─489496 /usr/local/bin/tcpreplay-edit --topspeed --mtu=2000 --mtu-trunc -i tzsp0 -

Jul 16 18:39:15 VMidsips systemd[1]: Started TZSPreplay37008@tzsp0.service - TZSP Replay capture on dev tzsp0.
Jul 16 18:39:30 VMidsips sh[489496]: Warning: Unable to process unsupported DLT type: Ethernet (0x1)
Jul 16 18:39:30 VMidsips sh[489496]: Warning: Unable to process unsupported DLT type: Ethernet (0x1)

I installed Debian as a VM with Proxmox.

uname -a
Linux VMidsips 6.1.0-22-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux

Everything else is working. Suricata connects to the MikroTik and uses the function to block traffic. Therefore the instructions on how to install this Docker environment work. This VM has got 6 CPUs, 8GB RAM and 60GB file storage.

Where can I find help or a solution to the problem?

Thanks for your help.

angolo40 commented 2 months ago

Hello,

I've found that the issue is a known bug in tcpreplay. You can find more details about it in this GitHub issue: https://github.com/appneta/tcpreplay/issues/835.

You can try to upgrade tcpreplay to the latest version, as the version in my repo, 4.4.2, has this bug. The latest version might have fixed this issue, although I haven't tested it.

I plan to test the new version in the coming days. If it works without any issues, I'll update the installation script in my repository.