ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

BPF Filtering not working in nProbe cento v.1.15.211203 #523

Open srfn8kd opened 2 years ago

srfn8kd commented 2 years ago

Hello,

BPF filtering, as configured below, is not working in the Cento version listed in the subject line; I am still seeing traffic for all IPs and the port listed in the filter.

-f "not (host redacted or host redacted) and not udp port redacted"

cardigliano commented 2 years ago

@srfn8kd the BPF seems to be working for me. What interface/adapter model/driver are you using for capturing traffic? Can I also see the full cento configuration?

srfn8kd commented 2 years ago

@cardigliano

Silicom capture network cards
Name: fbcard0
FPGA Version: FPGA type: 4e, model: 17, version: 2.10.65.0

I start cento-ids with the following flags, which I believe should override any configuration, correct?

/usr/bin/cento-ids -a -A -i fbcard:0:a00 -f "not (host 131.215.220.163 or host 131.215.220.164 or host 131.215.220.165) and not udp port 4500" -v 2 -g 2,4,6 -G 12,14,16 --zc -D 2 -Y 127.0.0.1 -S 8880 --skip-fragments --scripts-dir /usr/share/ntopng

[Screenshot: traffic in ntopng from hosts listed in the cento BPF filter]

srfn8kd commented 2 years ago

Hi Alfredo,

This is still happening; the BPF filter (-f flag) for Cento does not appear to be working with Fiberblaze.

/usr/bin/cento-ids --version
v.1.17.220330
Built OS: Rocky Linux release 8.5 (Green Obsidian)

Cento is started as follows:

/usr/bin/cento-ids -a -A -i fbcard:0:a00 -f "not (host redacted or host redacted or host redacted) and not udp port redacted" -v 2 -g 2,4,6 -G 12,14,16 --zc -D 2 -Y 127.0.0.1 -S 8880 --skip-fragments --scripts-dir /usr/share/ntopng

The IPs redacted in the -f command are shown as the top talkers in ntopng reading PF_RING ZC.
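A way to pin down whether a capture actually honours a filter of the shape used in this issue, added here as an example and not code from the issue or from the cento/nProbe project: evaluate "not (host A or host B or host C) and not udp port N" against each frame of a pcap and count the frames that should have been excluded. Run it over a capture taken from the same fbcard interface (for instance a short tcpdump -w file, or whatever cento is fed) and a non-zero "leaked" count means the filter was not applied upstream of that capture; a zero count with the hosts still appearing in ntopng points at the exporter rather than the card. The addresses are the ones posted above; the pcap below is constructed inline, only the IPv4 meaning of "host" is modelled (ARP and IPv6 are let through), and the function names are this example's own.

```python
"""Audit a pcap against a cento-style BPF filter:
   not (host A or host B ...) and not udp port N
Added example, not part of nProbe/cento. IPv4-only model of 'host'."""
import socket
import struct

ETH_HDR = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def parse_ipv4(frame):
    """Return (src, dst, proto, sport, dport) for an Ethernet/IPv4 frame,
    or None for anything else (ARP, IPv6, runt frames). Ports are None
    unless the transport is TCP or UDP with a complete port pair."""
    if len(frame) < ETH_HDR + 20:
        return None
    if struct.unpack('!H', frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[ETH_HDR] & 0x0F) * 4
    proto = frame[ETH_HDR + 9]
    src = socket.inet_ntoa(frame[ETH_HDR + 12:ETH_HDR + 16])
    dst = socket.inet_ntoa(frame[ETH_HDR + 16:ETH_HDR + 20])
    sport = dport = None
    l4 = ETH_HDR + ihl
    if proto in (PROTO_TCP, PROTO_UDP) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack('!HH', frame[l4:l4 + 4])
    return src, dst, proto, sport, dport


def passes_filter(frame, excluded_hosts, excluded_udp_port):
    """'not (host X or ...) and not udp port N' for one frame. A non-IPv4
    frame matches neither negated clause, so it is let through (BPF's 'host'
    also matches ARP addresses; that case is not modelled here)."""
    parsed = parse_ipv4(frame)
    if parsed is None:
        return True
    src, dst, proto, sport, dport = parsed
    if src in excluded_hosts or dst in excluded_hosts:
        return False
    if proto == PROTO_UDP and excluded_udp_port in (sport, dport):
        return False          # note: TCP on the same port is NOT excluded
    return True


def read_pcap(data):
    """Yield raw frames from classic pcap bytes (either byte order; not pcapng)."""
    if data[:4] == b'\xa1\xb2\xc3\xd4':
        endian = '>'
    elif data[:4] == b'\xd4\xc3\xb2\xa1':
        endian = '<'
    else:
        raise ValueError('not a classic pcap file')
    off = 24                                  # skip the global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + 'IIII', data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def audit(frames, excluded_hosts, excluded_udp_port):
    """Count frames the filter should have dropped. 'leaked' > 0 means
    whatever produced this capture did not apply the filter."""
    seen = leaked = 0
    offenders = []
    for frame in frames:
        seen += 1
        if not passes_filter(frame, excluded_hosts, excluded_udp_port):
            leaked += 1
            offenders.append(parse_ipv4(frame))
    return {'seen': seen, 'leaked': leaked, 'offenders': offenders}


def build_frame(src, dst, proto, sport, dport):
    """Constructed minimal Ethernet/IPv4/{UDP,TCP} frame, zero checksums."""
    eth = bytes(12) + struct.pack('!H', ETHERTYPE_IPV4)
    if proto == PROTO_UDP:
        l4 = struct.pack('!HHHH', sport, dport, 8, 0)
    else:
        l4 = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 0x50, 0x02, 0, 0, 0)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4


def write_pcap(frames):
    """Constructed little-endian classic pcap (LINKTYPE_ETHERNET) for testing."""
    hdr = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    return hdr + b''.join(struct.pack('<IIII', 0, 0, len(f), len(f)) + f
                          for f in frames)


# Constructed sample: the three hosts and UDP port from the issue's -f value.
EXCLUDED_HOSTS = {'131.215.220.163', '131.215.220.164', '131.215.220.165'}
EXCLUDED_UDP_PORT = 4500
SAMPLE_PCAP = write_pcap([
    build_frame('10.0.0.5', '131.215.220.163', PROTO_TCP, 40000, 443),  # host hit
    build_frame('10.0.0.5', '192.0.2.9', PROTO_UDP, 4500, 4500),        # udp 4500 hit
    build_frame('10.0.0.5', '192.0.2.9', PROTO_TCP, 40001, 4500),       # tcp 4500: allowed
    build_frame('192.0.2.7', '192.0.2.9', PROTO_UDP, 53, 53),           # allowed
])


def audit_sample():
    """Audit the constructed capture; two of its four frames should leak."""
    return audit(read_pcap(SAMPLE_PCAP), EXCLUDED_HOSTS, EXCLUDED_UDP_PORT)


if __name__ == '__main__':
    print(audit_sample())
```

To use it on a real capture, replace SAMPLE_PCAP with the bytes of the pcap file and keep the host set and port from the -f argument; the "offenders" list tells you which side of the filter (host clause or UDP port clause) the leaked traffic hit.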