Suricata Inline Mode and Online Bank Deposit



  • So, I attempted to deposit a check into my bank account and got the following on the PFSense monitor screen:

    196.115874 [1071] netmap_grab_packets  bad pkt at 445 len 2164

    I wasn't sure what was going on, so I switched to legacy mode because I needed to make the deposit.  I was using my phone to make the deposit. After the deposit completed, I changed to inline mode again.  Also, Barnyard2 still wouldn't start despite making the necessary configuration changes in Advanced > Networking.



  • @NollipfSense:

    So, I attempted to deposit a check into my bank account and got the following on the PFSense monitor screen:

    196.115874 [1071] netmap_grab_packets  bad pkt at 445 len 2164

    I wasn't sure what was going on, so I switched to legacy mode because I needed to make the deposit.  I was using my phone to make the deposit. After the deposit completed, I changed to inline mode again.  Also, Barnyard2 still wouldn't start despite making the necessary configuration changes in Advanced > Networking.

    This is not malicious traffic.  It simply means the netmap interface between your NIC driver and kernel is not liking something in the stream.  Most likely some incompatibility issue or perhaps a bug in the netmap code.  Several folks have reported that error with inline IPS mode.

    Bill



  • @bmeeks:

    @NollipfSense:

    So, I attempted to deposit a check into my bank account and got the following on the PFSense monitor screen:

    196.115874 [1071] netmap_grab_packets  bad pkt at 445 len 2164

    I wasn't sure what was going on, so I switched to legacy mode because I needed to make the deposit.  I was using my phone to make the deposit. After the deposit completed, I changed to inline mode again.  Also, Barnyard2 still wouldn't start despite making the necessary configuration changes in Advanced > Networking.

    This is not malicious traffic.  It simply means the netmap interface between your NIC driver and kernel is not liking something in the stream.  Most likely some incompatibility issue or perhaps a bug in the netmap code.  Several folks have reported that error with inline IPS mode.

    Bill

    Thank you Bill for responding…I didn't think it was anything malicious...I had implemented the inline mode Monday night; so, I wasn't sure whether the check image transfer happened.



  • I should also note that the error message is being generated by the FreeBSD kernel code (specifically the netmap module) and not Suricata.  You might want to report this upstream to the FreeBSD folks.

    Bill



  • @bmeeks:

    I should also note that the error message is being generated by the FreeBSD kernel code (specifically the netmap module) and not Suricata.  You might want to report this upstream to the FreeBSD folks.

    Bill

    Glad you followed up Bill…I had attempted to fine tune the NIC via here: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards ... it seems to help for a while until I started getting igb1 watchdog timeout and eventually the same netmap_grab_packets  bad pkt. My NIC is Intel dual gigabit PCIe 82575 and I went back to legacy mode despite not having any freezing or other weird behavior with PFsense or Suricata during the inline mode.

    How do I report upstream to FreeBSD...they don't seem to accept anyone who mentions PFSense?



  • Okay Bill…found it...FreeBSD Bugzilla – Bug 226289 Submitted...Bug 226289 has been successfully created.

