Snort mailing list archives
Re: snort under high density traffic
From: Mehmet Ersan TOPALOGLU <mersan () ceng metu edu tr>
Date: Wed, 13 Aug 2003 11:40:49 EEST
10 Aug 2003 21:19 EEST tarihinde yazmýþsýnýz:
On Sun, 10 Aug 2003, Mehmet Ersan TOPALOGLU wrote:I sent total of 4800000 packets to the network and snort reports at the end. "Snort analysed 3800000 packets out of 7000000 packets dropping ...." I am sure LAN is isolated no other packets can come from outside and $cat /proc/net/dev says 3800000 packet received. Story is the same when i use one packet dumper via tcpreplay at 30Mbit/s. Dropping packets is normal but total packets exceed with a great amount that sent in the LAN. What can be the reason for that? I am using Snort v1.9 and redhat 9 linux PC with kernel 2.4.20. and libpcap v0.7Upgrade. Update Snort to 2.0.1 and lipcap to Phil Wood's patched version [0]. What you're seeing is a known issue with older Snorts Older pcaps Linux. Make sure you've got decent NIC's and drivers for the NICs. Make sure the cards are at 100 FDX, and aren't set at 10 half. If you're seeing tons of collisions and retransmissions then you'll "see" more than are actually there. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://public.lanl.gov/cpw/
I had done what you have told but still i have the same problem. Any idea? Thanks in advance ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort under high density traffic Mehmet Ersan TOPALOGLU (Aug 10)
- Re: snort under high density traffic Erek Adams (Aug 10)
- <Possible follow-ups>
- Re: snort under high density traffic Mehmet Ersan TOPALOGLU (Aug 13)
- Re: snort under high density traffic Mehmet Ersan TOPALOGLU (Aug 14)
- Re: snort under high density traffic Edin Dizdarevic (Aug 14)
- Re: snort under high density traffic Mehmet Ersan TOPALOGLU (Aug 14)
- Re: snort under high density traffic Edin Dizdarevic (Aug 14)
- Re: snort under high density traffic Mehmet Ersan TOPALOGLU (Aug 15)
- Re: snort under high density traffic Edin Dizdarevic (Aug 15)
- Re: snort under high density traffic Mehmet Ersan TOPALOGLU (Aug 18)
- Re: snort under high density traffic Edin Dizdarevic (Aug 14)