1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
Note to the *BSD users.
Nessus uses the pcap library, which uses the
berkeley packet filter (bpf) to do its job.
Since Nessus used multiple processes, several pcap-aware plugins will
need to access the the bpf at the same time.
This means that you need to recompile your kernel with the
following option :
pseudo-device bpfilter NUM
(or pseudo-device bpf NUM)
Where 'NUM' is the number of bpf you want -- it should be equal to
the 'max hosts number' option you enter in nessusd x the
'max plugins' option.
If for instance you want to have 10 nessusd running at the same time,
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
(as nessusd is extremely lightweight, you can expect to have this amount
of processes running at the same time)
If you plan to scan a whole network, we recommand you create at least
100 of them.
Once your kernel has been rebuilt, get root, cd to /dev
and do :
i=0; while [ $i -lt 100];
do
./MAKEDEV bpf$i
let i=$i+1
done
On FreeBSD, you can directly do :
./MAKEDEV bpf+100
If you can not recompile your kernel, you can try to run the configure
script with the option --enable-bpf-sharing. In this case, nessusd will
try to share one /dev/bpf among multiple processes and do the filtering
in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO
NOT RECOMMAND ENABLING IT.
|
