Snort mailing list archives

PCAP stats problem

From: Yanyan Yang <toyyyang () yahoo com>
Date: Mon, 4 Aug 2003 11:34:19 -0700 (PDT)


Hello, all, I am running Snort 2.0 on a 2.2.x kernel with Alexey's patch and with libpcap version 0.8.030609 from Phil 
Wood. 

I found that it seems that PCAP stats never get reset, because it always shows much greater numbers than the actual 
number of packets received. Here are the output from Snort. I added in a couple lines to print out the value of 
"pc.total". 

======== My Data: Snort analyzed 6893 packets (pc.total) ========

==============================================================================
Snort analyzed 3729243 out of 3729243 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 5132       (0.138%)          ALERTS: 16
    UDP: 975        (0.026%)          LOGGED: 16
   ICMP: 4          (0.000%)          PASSED: 0
    ARP: 775        (0.021%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 7          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================

I'd greatly appreciate it if anyone could tell me how to solve this problem.

Yanyan.


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

Current thread:

Snort Application Logging 2 monroe (Aug 03)
- PCAP stats problem Yanyan Yang (Aug 04)
  - Weird question Paul Schmehl (Aug 04)
    - Re: Weird question Erek Adams (Aug 05)
    - RE: Weird question support (Aug 05)
    - RE: Weird question Erek Adams (Aug 06)
  - Re: PCAP stats problem Erek Adams (Aug 05)
- Re: Snort Application Logging 2 Erek Adams (Aug 05)