Multiple interfaces selection and promiscuous
When setting up capturing interface during decoder installation,
There is something useful if you know what happen under the hood of decoder.
[Network Interfaces] - S5 gear
standard interfaces: em1(IXGBE), em2(IXGBE), em3(management), em4
pfring interface: p2p1, p2p2 (10G interfaces)
I'd like to cover or discuss how to configure capturing interfaces based on each scenario below.
- 10G traffic via pfring + 1G traffic via packet_mmap
- 1G traffic on em3 (HTTP and others) + 1G traffic over em4 (SMTP only)
Does this scenario reflect your environment? if not, plz add your environment.
- 10g decoder
- capturing interfaces
- Community Thread
- Forum Thread
- netwitness logs and packets
- RSA NetWitness
- RSA NetWitness Platform