search

robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GNU Affero General Public License v3.0
22.97k stars 3.02k forks source link

how to install pfring correctly? #433

Open ghost opened 4 years ago

ghost commented 4 years ago

Hi, i installed pf_ring driver on ubuntu 18.04 using this instruction:

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_LTS_

and this:

https://holdmybeersecurity.com/2019/04/03/part-1-install-setup-zeek-pf_ring-on-ubuntu-18-04-on-proxmox-5-3-openvswitch/

and this:

https://www.ntop.org/guides/pf_ring/get_started/packages_installation.html

and this:

http://packages.ntop.org/apt-stable/

when i running this command: pf_ringcfg --list-interfaces

console give me:

Name: eno1 Driver: igb [Supported by ZC] Name: eno2 Driver: e1000e [Supported by ZC]

or this command: modinfo pf_ring

console give me:

filename: /lib/modules/5.0.0-23-generic/updates/dkms/pf_ring.ko alias: net-pf-27 version: 7.5.0 description: Packet capture acceleration and analysis author: ntop.org license: GPL srcversion: B473D7145EEFB2883A520D6 depends: retpoline: Y name: pf_ring vermagic: 5.0.0-23-generic SMP mod_unload parm: min_num_slots:Min number of ring slots (uint) parm: perfect_rules_hash_size:Perfect rules hash size (uint) parm: enable_tx_capture:Set to 1 to capture outgoing packets (uint) parm: enable_frag_coherence:Set to 1 to handle fragments (flow coherence) in clusters (uint) parm: enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is defragmentead) (uint) parm: quick_mode:Set to 1 to run at full speed but with upto one socket per interface (uint) parm: force_ring_lock:Set to 1 to force ring locking (automatically enable with rss) (uint) parm: enable_debug:Set to 1 to enable PF_RING debug tracing into the syslog, 2 for more verbosity (uint) parm: transparent_mode:(deprecated) (uint)

or: lsmod | grep pf_ring pf_ring 1241088 6

if i running masscan like: masscan --pfring -p80,8000-8100 10.0.0.0/8 --rate=10000

console give me:

Segmentation fault: please post this backtrace to: https://github.com/robertdavidgraham/masscan/issues

2: [/lib/x86_64-linux-gnu/libc.so.6(+0x3ef20) [0x7fb008643f20]] ?? ??:0 1: [masscan(+0xaa45) [0x560625db3a45]] ?? ??:0 How correctly install pf_ring compatible with masscan? Also, as i understand, i need to buy PF_RING driver? (https://shop.ntop.org/) best regards.

mzpqnxow commented 3 years ago
  1. I suggest building PF_RING from source. This includes the kernel driver, the userspace tools and the libraries
  2. Yes, you have to pay or you're limited to some amount of packets that can be transmitted if I remember correctly. It's relatively inexpensive, something like 50 euro for 1Gbps NICs, 150 euro for 10G
kotee4ko commented 1 year ago

So, any updates on this issue?

Same thin with the latest pf_ring built from source