Enabling packet capture on Linux
The Block 64 application and BlockBox appliance are equipped to capture network data for dependency mapping. While most Linux distributions function without additional setup, some may need further configuration. The Linux traffic monitor utilizes the AF_PACKET socket for packet capture. On certain distributions, the af_packet module might not be loaded at startup.
To check whether this is the case, run the following command. It works on most Linux distributions, because they ship the configuration parameters used to compile the kernel in /boot:
`grep -x 'CONFIG_PACKET=[ym]' "/boot/config-$(uname -r)"`
If CONFIG_PACKET is compiled as a module (the command prints `CONFIG_PACKET=m`) but the module isn't loaded, ensure it loads at startup by following these steps:
- Check that the module isn't loaded:
  `lsmod | grep -i af_packet`
  There should be no match.
- Create the configuration file (as root):
  `echo "af_packet" > /etc/modules-load.d/af_packet.conf`
- Reboot the system.
- Confirm the module is now loaded:
  `lsmod | grep -i af_packet`
  A match should appear.
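
The checks above combined into one script, as an added example that is not part of the original page or the vendor's tooling: it reads the kernel build config, the loaded-module list and the modules-load.d directory, and reports which step (if any) is still outstanding. The function name `packet_state` and the state names it prints are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): classify AF_PACKET availability using the
# same sources as the manual steps. Arguments default to the live system so
# the function can also be pointed at copies collected from other hosts.
#
# Usage: packet_state [KERNEL_CONFIG] [PROC_MODULES] [MODULES_LOAD_DIR]
packet_state() {
    config=${1:-/boot/config-$(uname -r)}
    modules=${2:-/proc/modules}          # the file lsmod formats
    loaddir=${3:-/etc/modules-load.d}

    # Some distributions do not ship the build config in /boot.
    [ -r "$config" ] || { echo unknown; return 0; }

    # =y: built into the kernel, nothing to load.
    if grep -qx 'CONFIG_PACKET=y' "$config"; then echo builtin; return 0; fi
    # Neither =y nor =m: this kernel has no AF_PACKET support at all.
    if ! grep -qx 'CONFIG_PACKET=m' "$config"; then echo disabled; return 0; fi

    # Module build: is it loaded right now? Match the exact name in field 1.
    loaded=no
    if grep -qs '^af_packet ' "$modules"; then loaded=yes; fi

    # Will it load at boot? Look for a line naming it in any *.conf file.
    persistent=no
    if grep -qsx '[[:space:]]*af_packet[[:space:]]*' "$loaddir"/*.conf; then
        persistent=yes
    fi

    case "$loaded/$persistent" in
        yes/yes) echo module-loaded-persistent ;;
        yes/no)  echo module-loaded-not-persistent ;;
        no/yes)  echo module-pending-reboot ;;
        *)       echo module-not-loaded ;;
    esac
}

packet_state "$@"
```

A result of `module-loaded-not-persistent` means packet capture works now but is not guaranteed to after the next reboot; `module-pending-reboot` means the configuration file is in place and only the reboot step remains.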