pcap file no appears

[marciglesias17]

Hello,

I have collect_attack_pcap_dumps = on

but in /var/log/fastnetmon_attacks no appears pcap files, appears

tail -f XXX.XXX.XXX.XXX_11_07_19_21:10:22.pcap ▒ò▒▒PuTTY

And

tail -f XXX.XXX.XXX.XXX_11_07_19_21:10:22 2019-07-11 21:11:47.947563 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:19578 protocol: udp frag: 0 packets: 1 size: 728 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:47.947576 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:15657 protocol: udp frag: 0 packets: 1 size: 911 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.198562 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:9440 protocol: udp frag: 0 packets: 1 size: 134 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.198572 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:30877 protocol: udp frag: 0 packets: 1 size: 762 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.449600 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:16112 protocol: udp frag: 0 packets: 1 size: 292 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.449614 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:15925 protocol: udp frag: 0 packets: 1 size: 195 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.700662 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:56590 protocol: udp frag: 0 packets: 1 size: 763 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.951544 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:15112 protocol: udp frag: 0 packets: 1 size: 966 bytes ttl: 0 sample ratio: 32000

[pavel-odintsov]

Hello!

What's your capture engine? FNM supports pcap only for mirror capture mode.

[marciglesias17]

Hello, How i can enable mirror capture mode? Thanks, viernes, 12 julio 2019, 00:11a. m. +02:00 de Pavel Odintsov notifications@github.com :

Hello!

What's your capture engine? FNM supports pcap only for mirror capture mode.

On Thu, 11 Jul 2019 at 22:21, Marc Iglesias < notifications@github.com> wrote:

Hello,

I have collect_attack_pcap_dumps = on

but in /var/log/fastnetmon_attacks no appears pcap files, appears

tail -f XXX.XXX.XXX.XXX_11_07_19_21:10:22.pcap ▒ò▒▒PuTTY

And

tail -f XXX.XXX.XXX.XXX_11_07_19_21:10:22 2019-07-11 21:11:47.947563 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:19578 protocol: udp frag: 0 packets: 1 size: 728 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:47.947576 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:15657 protocol: udp frag: 0 packets: 1 size: 911 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.198562 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:9440 protocol: udp frag: 0 packets: 1 size: 134 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.198572 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:30877 protocol: udp frag: 0 packets: 1 size: 762 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.449600 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:16112 protocol: udp frag: 0 packets: 1 size: 292 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.449614 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:15925 protocol: udp frag: 0 packets: 1 size: 195 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.700662 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:56590 protocol: udp frag: 0 packets: 1 size: 763 bytes ttl: 0 sample ratio: 32000 2019-07-11 21:11:48.951544 XXX.XXX.XXX.XXX:54460 > XXX.XXX.XXX.XXX:15112 protocol: udp frag: 0 packets: 1 size: 966 bytes ttl: 0 sample ratio: 32000

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub < https://github.com/pavel-odintsov/fastnetmon/issues/768?email_source=notifications&email_token=AAU56ZSGFDIUNEYJNTT6E33P66P5JA5CNFSM4IBVPYL2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4G6XSOJA> , or mute the thread < https://github.com/notifications/unsubscribe-auth/AAU56ZQ5AVMU7KSICOGA3K3P66P5JANCNFSM4IBVPYLQ> .

-- Sincerely yours, Pavel Odintsov — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or mute the thread .

[pavel-odintsov]

Hello!

To enable mirror capture mode you have to use following option: mirror_afpacket = off

Also, you need to set required interface to "interfaces" option.