when i running this command: pf_ringcfg --list-interfaces
console give me:
Name: eno1 Driver: igb [Supported by ZC]
Name: eno2 Driver: e1000e [Supported by ZC]
or this command: modinfo pf_ring
console give me:
filename: /lib/modules/5.0.0-23-generic/updates/dkms/pf_ring.ko
alias: net-pf-27
version: 7.5.0
description: Packet capture acceleration and analysis
author: ntop.org
license: GPL
srcversion: B473D7145EEFB2883A520D6
depends:
retpoline: Y
name: pf_ring
vermagic: 5.0.0-23-generic SMP mod_unload
parm: min_num_slots:Min number of ring slots (uint)
parm: perfect_rules_hash_size:Perfect rules hash size (uint)
parm: enable_tx_capture:Set to 1 to capture outgoing packets (uint)
parm: enable_frag_coherence:Set to 1 to handle fragments (flow coherence) in clusters (uint)
parm: enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is defragmentead) (uint)
parm: quick_mode:Set to 1 to run at full speed but with upto one socket per interface (uint)
parm: force_ring_lock:Set to 1 to force ring locking (automatically enable with rss) (uint)
parm: enable_debug:Set to 1 to enable PF_RING debug tracing into the syslog, 2 for more verbosity (uint)
parm: transparent_mode:(deprecated) (uint)
or: lsmod | grep pf_ring
pf_ring 1241088 6
if i running masscan like: masscan --pfring -p80,8000-8100 10.0.0.0/8 --rate=10000
2: [/lib/x86_64-linux-gnu/libc.so.6(+0x3ef20) [0x7fb008643f20]]
?? ??:0
1: [masscan(+0xaa45) [0x560625db3a45]]
?? ??:0
How correctly install pf_ring compatible with masscan?
Also, as i understand, i need to buy PF_RING driver? (https://shop.ntop.org/)
best regards.
I suggest building PF_RING from source. This includes the kernel driver, the userspace tools and the libraries
Yes, you have to pay or you're limited to some amount of packets that can be transmitted if I remember correctly. It's relatively inexpensive, something like 50 euro for 1Gbps NICs, 150 euro for 10G
Hi, i installed pf_ring driver on ubuntu 18.04 using this instruction:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_LTS_
and this:
https://holdmybeersecurity.com/2019/04/03/part-1-install-setup-zeek-pf_ring-on-ubuntu-18-04-on-proxmox-5-3-openvswitch/
and this:
https://www.ntop.org/guides/pf_ring/get_started/packages_installation.html
and this:
http://packages.ntop.org/apt-stable/
when i running this command: pf_ringcfg --list-interfaces
console give me:
Name: eno1 Driver: igb [Supported by ZC] Name: eno2 Driver: e1000e [Supported by ZC]
or this command: modinfo pf_ring
console give me:
filename: /lib/modules/5.0.0-23-generic/updates/dkms/pf_ring.ko alias: net-pf-27 version: 7.5.0 description: Packet capture acceleration and analysis author: ntop.org license: GPL srcversion: B473D7145EEFB2883A520D6 depends: retpoline: Y name: pf_ring vermagic: 5.0.0-23-generic SMP mod_unload parm: min_num_slots:Min number of ring slots (uint) parm: perfect_rules_hash_size:Perfect rules hash size (uint) parm: enable_tx_capture:Set to 1 to capture outgoing packets (uint) parm: enable_frag_coherence:Set to 1 to handle fragments (flow coherence) in clusters (uint) parm: enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is defragmentead) (uint) parm: quick_mode:Set to 1 to run at full speed but with upto one socket per interface (uint) parm: force_ring_lock:Set to 1 to force ring locking (automatically enable with rss) (uint) parm: enable_debug:Set to 1 to enable PF_RING debug tracing into the syslog, 2 for more verbosity (uint) parm: transparent_mode:(deprecated) (uint)
or: lsmod | grep pf_ring pf_ring 1241088 6
if i running masscan like: masscan --pfring -p80,8000-8100 10.0.0.0/8 --rate=10000
console give me:
Segmentation fault: please post this backtrace to: https://github.com/robertdavidgraham/masscan/issues
2: [/lib/x86_64-linux-gnu/libc.so.6(+0x3ef20) [0x7fb008643f20]] ?? ??:0 1: [masscan(+0xaa45) [0x560625db3a45]] ?? ??:0 How correctly install pf_ring compatible with masscan? Also, as i understand, i need to buy PF_RING driver? (https://shop.ntop.org/) best regards.