Snort mailing list archives
Re: Help needed: Performance Check & Traffic Capture
From: David Lambert <dlambert () demo legallock com>
Date: Wed, 2 Jan 2002 10:11:17 -0600
Thanks, that works fine. Does anyone know if this fix is why nessus supplies its own version of the libpcap libraries? Dave. On Tuesday 01 January 2002 09:50 pm, Phil Wood wrote:
On Tue, Jan 01, 2002 at 04:55:06PM -0800, Erek Adams wrote:On Tue, 1 Jan 2002, David Lambert wrote:Thanks for the pointer to this. Unfortunately when I tried this it gave me the following results. Any idea why the crazy first line? Everything else seems to work fine.None. That's an odd one. What OS, Version/Build of Snort and hardware are you running this on? Linux based?======================================================================= ======== Snort analyzed -235601920 out of 16777216 packets, dropping 252379136(1504.297%) packets[...snip...] If it's Linux based, check the archives from the snort-dev list at http://marc.theaimsgroup.com/ for some patches provided by Phil Wood <cpw () lanl gov> to make libpcap + Linux 2.4(?) play nice.Hi, the pcap library is fixed at tcpdump.org. Pull down the current library: http://www.tcpdump.org:80/daily/libpcap-current.tar.gz It has the fix to pcap_stats. It does not have the "turbo" patches which use a ring buffer. I have that in a different tarball which I'm still not 100% sure about. If you get the above working and would like to try something even more bizarre, drop me an email. Phil (cpw () lanl gov)Anyone else? ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help needed: Performance Check & Traffic Capture Marc Dreher (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture Erek Adams (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 01)
- Re: Traffic 'surrounding' an alert (was: Help needed: Performance ...) Marc Dreher (Jan 02)
- Re: Traffic 'surrounding' an alert (was: Help needed: Performance ...) Chris Green (Jan 02)
- <Possible follow-ups>
- Re: Help needed: Performance Check & Traffic Capture Erek Adams (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture Phil Wood (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 02)
- Re: Help needed: Performance Check & Traffic Capture Marc Dreher (Jan 02)
- Re: Help needed: Performance Check & Traffic Capture Erek Adams (Jan 01)