Snort mailing list archives
RE: Snort dropping packets?!?!?!?!?!
From: "Gene Gomez" <gegomez () tycoint com>
Date: Wed, 17 Jul 2002 09:13:21 -0700
You should probably at least replace the NICs with name-brand ones. Cheap NICs usually result in really poor performance on pretty much ANYTHING. You don't usually see the problems on a home network (which is where these cheap NICs are actually targetted at selling into), but on a network with any kind of performance requirements you quickly see all kinds of strange things occur. At any rate, my backbone here is 4.5M. My setup is like so: P2-233Mhz 128MB RAM 2x 3Com 90x NICs RHLinux7.2 Snort 1.8.7 MySQL 3.23.49 I'm not seeing any problems logging packets. In fact, I'd say I'm probably logging too many. :) Gene -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of James Ashton Sent: Wednesday, July 17, 2002 8:32 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort dropping packets?!?!?!?!?! Hey everyone, I have a speed issue with snort. I have posted before about it and was recomended Barnyard. Here is the setup. K6-2 400 2- P-net nics. (super cheap) latest snort with customised sig base. output to barnyard barnyard into MySQL on the same box The issue is this. When snort isnt running it detects all packets from my network. Which is running about 2Mb/s. As soon as snort is brought up st starts dropping packets. It is now down to picking up only 1/25 of the packets on the network.even with no preprocessors running and no signatures turned on. I take it there is sime problem between snort and the OS (redhat 7.2). Either that or snort and my cheap NIC dont get along. I have run this without mysql or barnyard running and with no preprocessors and signatures it cant be the snort engine right???? Normaly snort is running 8.5% cpu, with everything turned off it is runing 0.3%cpu. That is as it should be, but it is still dropping packets at the same rate. any ideas??? _______________________________ James Ashton 13840 Osprey Links Dr, #219 Orlando Fl, 32837 407-859-5218 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort dropping packets?!?!?!?!?! James Ashton (Jul 17)
- RE: Snort dropping packets?!?!?!?!?! Gene Gomez (Jul 17)
- RE: Snort dropping packets?!?!?!?!?! Matt Kettler (Jul 17)
- Message not available
- Re: REMOVE PLEASE IMMEDIATELY Matt Kettler (Jul 19)
- RE: Snort dropping packets?!?!?!?!?! Matt Kettler (Jul 17)
- RE: Snort dropping packets?!?!?!?!?! Gene Gomez (Jul 17)
- Re: Snort dropping packets?!?!?!?!?! Roelof JT Jonkman (Jul 17)
- Re: Snort dropping packets?!?!?!?!?! John Sage (Jul 17)