ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

tcpdump only shows L2 traffic when Packet Monitoring is enabled


Article ID: 168530


Updated On:


Data Loss Prevention


Upon inspecting a tcpdump, you notice only L2 traffic was captured.
NoteThis article assumes you have already enabled Packet Monitoring 


This is a known issue.
An additional file is required in order for the tcpdump to collect more then just L2 traffic


SCP the file (attached to the article) to the appliance to the /home/dlpremote folder
  1. Backup current tg3.ko driver
# cp /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/tg3.ko /root/tg3.ko
  1. Copy the new tg3.ko
# cp /home/dlpremote/tg3.ko  /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/
  1. Make sure permissions are set correctly on the new driver # chown root:root /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/tg3.ko /root/tg3.ko
# chmod 744 /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/tg3.ko
  1. Reboot.


tg3.ko get_app