BLOG     |     FORUM
Welcome, Guest
Username: Password: Remember me
Issues related to installation, running, bugs, and features.

TOPIC: Installer Package

Re:Installer Package 10 years 6 months ago #460

Hello Leif,

That is strange - because the --listdev option just does a pcap_findalldevs() and prints its output.


Can the stock tcpdump see the other DAG interfaces ?

You can get tcpdump to list all interfaces like this
tcpdump -D



Thanks,
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The administrator has disabled public write access.

Re:Installer Package 10 years 6 months ago #461

  • anantha narasimhan
  • anantha narasimhan's Avatar
ltishend wrote:
Still not finding the other interfaces. Not sure why it's only picking out 12 and 14. Everything below 20 has something listening on it, nothing special about those 2.[/quote] pcap_findalldevs() does not show DAG streams that are locked (by an application thats reading off it). Probably in your case all but these two streams are currently being read from. If you have access to the dagtools, try attaching to any desired stream using dagbits. If dagbits fails to attach to a stream, it logs an error message, that might be able to give you an indication of whether the stream is locked by someone else or any other issue.[code]

Still not finding the other interfaces. Not sure why it's only picking out 12 and 14. Everything below 20 has something listening on it, nothing special about those 2.

pcap_findalldevs() does not show DAG streams that are locked (by an application thats reading off it). Probably in your case all but these two streams are currently being read from. If you have access to the dagtools, try attaching to any desired stream using dagbits. If dagbits fails to attach to a stream, it logs an error message, that might be able to give you an indication of whether the stream is locked by someone else or any other issue.
The administrator has disabled public write access.

Re:Installer Package 10 years 6 months ago #462

anantha narasimhan wrote:

pcap_findalldevs() does not show DAG streams that are locked (by an application thats reading off it). Probably in your case all but these two streams are currently being read from. If you have access to the dagtools, try attaching to any desired stream using dagbits. If dagbits fails to attach to a stream, it logs an error message, that might be able to give you an indication of whether the stream is locked by someone else or any other issue.

There is no problem with the Dag streams and there is nothing using the streams above 30. In fact the 2 streams that Trisul is finding are being used by an application. There is nothing wrong with the Dag card or any other application attempting to use it (Argus, Tcpdump, nTop, Snort etc.) just Trisul.

vivek [unleash] wrote:
Hello Leif,

That is strange - because the --listdev option just does a pcap_findalldevs() and prints its output.


Can the stock tcpdump see the other DAG interfaces ?

You can get tcpdump to list all interfaces like this

So tcpdump -D gives the same list of interfaces as Trisul:
tcpdump -D
1.eth0
2.dag0:12
3.dag0:14
4.eth1
5.usbmon1 (USB bus number 1)
6.usbmon2 (USB bus number 2)
7.usbmon3 (USB bus number 3)
8.usbmon4 (USB bus number 4)
9.usbmon5 (USB bus number 5)
10.usbmon6 (USB bus number 6)
11.usbmon7 (USB bus number 7)
12.usbmon8 (USB bus number 8)
13.any (Pseudo-device that captures on all interfaces)
14.lo

However, as with all the other applications I run, I can pick the interface and use it just fine.
tcpdump -v -i dag0:62
tcpdump: listening on dag0:62, link-type EN10MB (Ethernet), capture size 65535 bytes

33 packets captured
33 packets received by filter
0 packets dropped by kernel

But when I try to select the interface in Trisul I continue to get:
ns-001.log:Fri May  6 09:15:27 2011.906009 DEBUG Opening and registering adapter 0 dag0:62
ns-001.log:Fri May  6 09:15:30 2011.315482 INFO  Found adapter [2] dag0:12 :  (No description available)
ns-001.log:Fri May  6 09:15:30 2011.315493 INFO  Found adapter [3] dag0:14 :  (No description available)
ns-001.log:Fri May  6 09:15:30 2011.315603 ERROR Requested adapter 0 [dag0:62] not found on this machine
ns-001.log:Fri May  6 09:15:30 2011.315622 ERROR Error initializing adapter dag0:62, see previous errors 
ns-001.log:Fri May  6 09:15:30 2011.315631 INFO  Removing  interface dag0:62 from listener list
The administrator has disabled public write access.

Re:Installer Package 10 years 6 months ago #463

Thanks Leif,

Trisul is doing the wrong thing I guess. Trisul wants the interface specified to appear in pcap_findalldevs, this check is unnecessary. It should just go ahead and try to open it and see if it works.

I will fix this & get a new build out in the next few hours.


Thanks,
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The administrator has disabled public write access.

Re:Installer Package 10 years 6 months ago #464

Thanks for waiting,

A new DEB of Trisul is available that fixes this problem. Please download it from the Trisul > Get Latest Builds area or use this direct link unleashnetworks.com/lib/private/0507/ubu...ul_1.2.712_amd64.deb

It should listen on the DAG interfaces now.
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The administrator has disabled public write access.

Re:Installer Package 10 years 6 months ago #466

So it looks like it's successfully opening the interface briefly, I see the counters reset, but then I get:
In ns-001.log:
ns-001.log:Mon May  9 09:30:23 2011.501438 DEBUG Opening and registering adapter 0 dag0:62
ns-001.log:Mon May  9 09:30:25 2011.775690 DEBUG Found adapter [2] dag0:12 :  (No description available)
ns-001.log:Mon May  9 09:30:25 2011.775706 DEBUG Found adapter [3] dag0:14 :  (No description available)
ns-001.log:Mon May  9 09:30:25 2011.775872 WARN  Requested adapter 0 [dag0:62] not in enumeration, will try opening anyway
ns-001.log:Mon May  9 09:30:25 2011.842756 ALERT Libpcap or the adapter dag0:62 does not support select/poll  falling back on nonblocking pcap_dispatch 

In Syslog:
May  9 09:30:25 kernel: [6437973.716741] trisul[17638]: segfault at 10 ip 00000000004b43bd sp 00007fff46051410 error 4 in trisul[400000+2d1000]
The administrator has disabled public write access.
Moderators: vivek [unleash]
Time to create page: 0.036 seconds