tcpdump only shows L2 traffic when Packet Monitoring is enabled

Article ID: 168530

Products

Data Loss Prevention

Issue/Introduction

When inspecting a tcpdump capture, you notice that only L2 traffic was captured.
Note: This article assumes you have already enabled Packet Monitoring.

Cause

This is a known issue.
An additional file is required in order for tcpdump to collect more than just L2 traffic.

Resolution

Use SCP to copy the file attached to this article to the /home/dlpremote folder on the appliance, then:

  1. Back up the current tg3.ko driver:
     # cp /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/tg3.ko /root/tg3.ko
  2. Copy the new tg3.ko into place:
     # cp /home/dlpremote/tg3.ko /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/
  3. Make sure permissions are set correctly on the new driver:
     # chown root:root /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/tg3.ko /root/tg3.ko
     # chmod 744 /lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net/tg3.ko
  4. Reboot.
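
A check to run before the reboot, as an added example that is not part of the original article or the vendor's tooling. The function name `check_driver_swap` and its parameters are hypothetical; the default paths, owner and mode are the ones used in the commands above.

```shell
#!/bin/sh
# Added example: consistency check for the tg3.ko swap before rebooting.
KDIR=/lib/modules/2.6.18-308.11.1.el5CGN5/kernel/drivers/net

# check_driver_swap [STAGED] [INSTALLED] [BACKUP] [OWNER]
# Prints one line per problem; returns 0 only if nothing is wrong.
check_driver_swap() {
    staged=${1:-/home/dlpremote/tg3.ko}
    installed=${2:-$KDIR/tg3.ko}
    backup=${3:-/root/tg3.ko}
    owner=${4:-root:root}
    rc=0

    for f in "$staged" "$installed" "$backup"; do
        if [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # The installed module must be byte-identical to the uploaded one
    # (catches a truncated SCP transfer or a copy to the wrong path).
    if ! cmp -s "$staged" "$installed"; then
        echo "FAIL: $installed differs from $staged"
        rc=1
    fi
    # The backup must still hold the previous driver. If the backup command
    # was run after the copy, /root/tg3.ko is the new driver and there is
    # nothing to roll back to.
    if cmp -s "$backup" "$installed"; then
        echo "FAIL: $backup is identical to the new driver (no rollback copy)"
        rc=1
    fi
    # Ownership and mode as set by the chown/chmod commands above.
    if [ "$(stat -c '%U:%G' "$installed")" != "$owner" ]; then
        echo "FAIL: $installed is not owned by $owner"
        rc=1
    fi
    if [ "$(stat -c '%a' "$installed")" != "744" ]; then
        echo "FAIL: $installed mode is not 744"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: driver swap looks consistent"
    return "$rc"
}
```

Source the file as root on the appliance and run `check_driver_swap` with no arguments; any FAIL line should be resolved before rebooting.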

Attachments

tg3.ko