Information security practitioner ^_^
An information-science novice and self-described fatty (email: tenghm1986@163.com)
Suricata kernel packet drops and capture working modes explained
2019-08-15 10:03:31
heming
# 0. References

- [1] [Suricata IDPS and its interaction with Linux kernel](https://www.netdevconf.org/1.1/proceedings/papers/Suricata-IDPS-and-its-interaction-with-Linux-kernel.pdf)
- [2] [A comparative analysis of the Snort and Suricata intrusion-detection systems (kernel parameter settings, page 21)](https://pdfs.semanticscholar.org/981b/ad87d793f685e1736d38dfd056b73385d9e8.pdf)
- [3] [Suricata: A Decade under the Influence of packet sniffing](https://www.slideshare.net/JasonWilliams288/suricata-a-decade-under-the-influence-of-packet-sniffing)

![life of a packet](https://leanote.com/api/file/getImage?fileId=5d54bd47ab64411c000003f0)

# 1. NIC settings

# 1. Capture modes

Suricata interacts in a number of ways with the underlying operating system to capture network traffic. Under **Linux** it supports a wide range of **capture methods**, ranging from **AF_PACKET** to **NFQUEUE** or **NFLOG**. Suricata's principal capture method is AF_PACKET:

- AF_PACKET
- NFQUEUE (IPS mode)
- NFLOG (can also be used in IPS mode; packets must be copied to user space)

# 2. Kernel settings

Several kernel settings were adjusted on the server to increase the memory allocated to the networking buffers. The following commands were used to increase the kernel buffer sizes:

```bash
# Note: "sysctl -w" changes are lost at reboot; persist them in /etc/sysctl.d/*.conf.
# Max packets queued on the per-CPU input backlog when the NIC delivers faster
# than the kernel can process them (overflow shows up as drops in /proc/net/softnet_stat).
sysctl -w net.core.netdev_max_backlog=10000
# Default and maximum receive socket buffer size, in bytes.
sysctl -w net.core.rmem_default=16777216
sysctl -w net.core.rmem_max=33554432
# TCP memory thresholds for all sockets combined, in pages: min, pressure, max.
sysctl -w net.ipv4.tcp_mem='194688 259584 389376'
# Per-socket TCP receive buffer, in bytes: min, default, max.
sysctl -w net.ipv4.tcp_rmem='1048576 4194304 33554432'
# Do not cache per-route TCP metrics (cwnd, ssthresh, ...) when a connection closes.
sysctl -w net.ipv4.tcp_no_metrics_save=1
```
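An added helper script, not part of the original post or of Suricata, that reads the kernel's own backlog-drop counter and flags sysctl values below the sizes listed above; it runs offline on constructed sample input (the `SAMPLE_*` files and their values are assumptions for the demo, not measurements from any sensor).

```shell
#!/bin/sh
# Added example (not from the original post). /proc/net/softnet_stat has one
# line per CPU with hex fields: field 1 = packets processed, field 2 = dropped
# because the input backlog (bounded by net.core.netdev_max_backlog) was full,
# field 3 = time_squeeze. A growing field 2 is the kernel-side drop symptom.

# Sum the "dropped" column over every CPU line of the file given as $1.
softnet_dropped() {
    total=0
    while read -r _processed dropped _rest; do
        [ -n "$dropped" ] || continue
        total=$((total + 0x$dropped))
    done < "$1"
    echo "$total"
}

# Print each key of a "sysctl -a"-style dump ($1) whose value is below the
# value recommended above (tcp_rmem is compared on its first field, the minimum).
below_recommended() {
    while read -r key _eq value _rest; do
        case "$key" in
            net.core.netdev_max_backlog) want=10000 ;;
            net.core.rmem_default)       want=16777216 ;;
            net.core.rmem_max)           want=33554432 ;;
            net.ipv4.tcp_rmem)           want=1048576 ;;
            *) continue ;;
        esac
        if [ "$value" -lt "$want" ]; then
            echo "$key=$value (recommended >= $want)"
        fi
    done < "$1"
}

# Constructed sample inputs so the script runs offline; on a real sensor pass
# /proc/net/softnet_stat and the output of "sysctl -a" instead.
SAMPLE_SOFTNET=$(mktemp); SAMPLE_SYSCTL=$(mktemp)
cat > "$SAMPLE_SOFTNET" <<'EOF'
00012345 0000000a 00000001 00000000 00000000 00000000 00000000 00000000 00000000
0000abcd 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000100 000000ff 00000003 00000000 00000000 00000000 00000000 00000000 00000000
EOF
cat > "$SAMPLE_SYSCTL" <<'EOF'
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 212992
net.core.rmem_max = 33554432
net.ipv4.tcp_rmem = 4096 131072 6291456
net.ipv4.tcp_no_metrics_save = 0
EOF

echo "backlog drops (all CPUs): $(softnet_dropped "$SAMPLE_SOFTNET")"   # 265 for the sample
below_recommended "$SAMPLE_SYSCTL"
```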