Snort mailing list archives

RE: Bandwidth measurements and correlations


From: "Jan van den Berg" <jan () e-commercepark com>
Date: Wed, 12 Mar 2003 15:08:20 -0400

This is something I am really interested in too.

What is the bandwidth when Snort starts dropping packets?

I read in "Network Intrusion Detection An Analyst's Handbook" on page 35
that it is fairly common for an IDS to drop packets... "at some point, the
sensor has to start dropping packets" ....

So what are Snort's limitations considering bandwidth in correlation with
hardware?

Regards,

Jan van den Berg

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Gordon
Cunningham
Sent: Monday, March 10, 2003 6:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Bandwidth measurements and correlations

Has anyone taken time to set up and measure Snort logging and alerting
bandwidth requirements in correlation to the machine/CPU speeds and
network wire traffic levels?  Are there any published guides about this
kind of measurement?  I need to estimate WAN load that would be generated
by a remote Snort sniffer if we use a central database repository for
logging packet payloads, alerts, or both, so that I can make a decision
about the kind of segment traffic that would require a local storage
capability rather than remote database.

Positive:  Thoughts?  Comments?  Suggestions?  Experiences?


- Gordon




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





