{"id":3809,"date":"2018-11-09T15:09:06","date_gmt":"2018-11-09T14:09:06","guid":{"rendered":"http:\/\/nil2.kis.fri.uniza.sk\/?p=3809"},"modified":"2019-05-17T14:22:34","modified_gmt":"2019-05-17T12:22:34","slug":"moloch-network-interface-configuration","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/moloch-network-interface-configuration\/","title":{"rendered":"Moloch &#8211; Network interface configuration"},"content":{"rendered":"<p>Because packets can be lost at high traffic rates, the packet capture interface should <strong>NOT<\/strong> be the same as the interface connected to the internet (in this case, the interface assigned the static IP address). The server in our lab has two interfaces, one for packet capture and one for \u201coutside\u201d communication. To prevent packet loss, increase the Moloch-side interface\u2019s buffers to their maximum and turn off most of the NIC\u2019s services with the following commands:<\/p>\n<pre><code># Raise the RX and TX ring buffers (4096 here; check the maximum with ethtool -g)\nethtool -G enp0s9 rx 4096 tx 4096\n# Turn off checksum offload (rx, tx), scatter-gather (sg) and segmentation offload (tso, gso)\nethtool -K enp0s9 rx off tx off sg off tso off gso off\n<\/code><\/pre>\n<p>You can find out the maximum buffer size using the ethtool -g command; to check the NIC\u2019s services, use the ethtool -k command.
Disable most of the NIC\u2019s services: since you want to capture the network traffic itself rather than what the OS can see, they are not going to be used anyway.<\/p>\n<h3><a id=\"Sources_11\"><\/a>Sources<\/h3>\n<ul>\n<li><a href=\"http:\/\/opac.crzp.sk\/?fn=detailBiblioFormChild3&amp;sid=B7A4F0D5DE0EE4D8F05E77CD7EE5\">CRZP<\/a> Komplexn\u00fd syst\u00e9m pre detekciu \u00fatokov a archiv\u00e1ciu d\u00e1t &#8211; Moloch<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Considering the possibility of packet loss at high traffic flows, it is recommended for the packet capture interface to NOT be the same as the interface connected to the internet, in this case, the interface assigned with static IP address. On the server in our lab there are two interfaces, one for packet capture and&#8230;<\/p>","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[872],"tags":[874,906],"class_list":["post-3809","post","type-post","status-publish","format-standard","hentry","category-network-security-moloch-en","tag-moloch","tag-network-interface-configuration"],"taxonomy_info":{"category":[{"value":872,"label":"Moloch"}],"post_tag":[{"value":874,"label":"Moloch"},{"value":906,"label":"network interface configuration"}]},"featured_image_src_large":false,"author_info":{"display_name":"Tom\u00e1\u0161 
Moko\u0161","author_link":"https:\/\/nil.uniza.sk\/en\/author\/tomas-mokos\/"},"comment_info":1890,"category_info":[{"term_id":872,"name":"Moloch","slug":"network-security-moloch-en","term_group":0,"term_taxonomy_id":870,"taxonomy":"category","description":"","parent":707,"count":14,"filter":"raw","cat_ID":872,"category_count":14,"category_description":"","cat_name":"Moloch","category_nicename":"network-security-moloch-en","category_parent":707}],"tag_info":[{"term_id":874,"name":"Moloch","slug":"moloch","term_group":0,"term_taxonomy_id":872,"taxonomy":"post_tag","description":"","parent":0,"count":10,"filter":"raw"},{"term_id":906,"name":"network interface configuration","slug":"network-interface-configuration","term_group":0,"term_taxonomy_id":904,"taxonomy":"post_tag","description":"","parent":0,"count":1,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/3809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=3809"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/3809\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=3809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=3809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=3809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}