• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Suricata randomly stops scanning interface

IDS/IPS
2
4
1.1k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nug
    last edited by Jul 15, 2015, 4:35 AM

    Suricata seems to run fine scanning my WAN connection.  Randomly I get the following line in the suricata.log file:

    15/7/2015 -- 10:32:02 - <error>-- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 The interface went down</error> 
    

    I have to turn off Suricata and start it again (hitting restart doesn't always seem to work).

    Is this a common issue?

    1 Reply Last reply Reply Quote 0
    • B
      bmeeks
      last edited by Jul 15, 2015, 10:34 PM

      That is the first time that error has been reported.  From the text it appears something is happening to the libpcap process Suricata uses to capture packets.  What brand of physical NIC is in the box?

      Bill

      1 Reply Last reply Reply Quote 0
      • N
        nug
        last edited by Jul 16, 2015, 1:37 AM

        I'm using an onboard NIC and USB NIC:

        LAN/re0 = <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">port 0xe800-0xe8ff mem 0xf8fff000-0xf8ffffff,0xf8ff8000-0xf8ffbfff irq 17 at device 0.0 on pci4
        WAN/pppoe0 = gen5.2: <product 0x7720="" vendor="" 0x0b95="">at usbus5, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (250mA)</product></realtek> 
        

        I'm not 100% about the USB NIC listing as my freeBSD CLI knowledge is lacking.  Is there another command other than usbconfig I run to get the details?  I know it's a Belkin USB device.

        After writing this I'm starting to wonder if I switch my cables around and use the onboard as my WAN interface…

        1 Reply Last reply Reply Quote 0
        • B
          bmeeks
          last edited by Jul 17, 2015, 5:56 PM

          Swapping cables would be one thing to try.  It is possible that the libpcap library and the USB NIC don't play well together.

          Bill

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.