Snort mailing list archives
kernel dropping packets.
From: Jonathan <rakocy () cs wisc edu>
Date: Mon, 29 Jul 2002 18:51:36 -0500 (CDT)
Snort runs on OpenBSD 3.1. It sits on a gigabit interface connected to our gateway. I'm wondering if anyone has had a similar problem with dropped packets. I'm assuming that missing 73% of packets is very bad and nearly defeats the purpose of running snort. The hardware is all new... 2GHz Athlon and 1GB of memory.

This is how I run snort:

    #!/bin/sh
    /usr/local/bin/snort -d -i ti0 -l /usr/local/snort/logs -c /usr/local/snort/rules/snort.conf -D

But when I run just this (snort -v) I lose the packets. Is there any way to check this information while snort is running via the top command I use? Are dropped packets normal with snort just running in sniffer mode? I ask because we had a break-in a week ago and there were only portscans that showed up in the logs, but the system had definitely been compromised.

Thank you,
~Jonathan Rakocy
Computer Systems Lab

snort -v

    Snort analyzed 492 out of 3465 packets,
    The kernel dropped 2532(73.074%) packets

    Breakdown by protocol:                Action Stats:
        TCP: 492        (14.199%)         ALERTS: 0
        UDP: 0          (0.000%)          LOGGED: 0
       ICMP: 0          (0.000%)          PASSED: 0
        ARP: 0          (0.000%)
       IPv6: 0          (0.000%)
        IPX: 0          (0.000%)
      OTHER: 0          (0.000%)
    DISCARD: 0          (0.000%)
    ===============================================================================
    Fragmentation Stats:
    Fragmented IP Packets: 0          (0.000%)

    TCP Stream Reassembly Stats:
    TCP Packets Used: 0          (0.000%)

    Snort received signal 2, exiting
Current thread:
- kernel dropping packets. Jonathan (Jul 29)
- Re: kernel dropping packets. Roelof JT Jonkman (Jul 29)
- <Possible follow-ups>
- RE: kernel dropping packets. Moyer, Shawn (Jul 29)
- RE: kernel dropping packets. Moyer, Shawn (Jul 30)
- RE: kernel dropping packets. Moyer, Shawn (Jul 31)
- Re: kernel dropping packets. Chris Keladis (Jul 31)
- RE: kernel dropping packets. Virgil (Jul 31)