Snort mailing list archives
RE: Dropping packets why?
From: "Elijah Savage" <esavage () digitalrage org>
Date: Mon, 27 Oct 2003 23:24:44 -0500
Paul, With all do respect sir I think you need to read a bit more carefully before jumping all over someone I never said in any of my post I had a 15 meg pipe hell I would be dreaming for something like that at home, though I do have a oc3 and ds3 at work I said that I have a cable connection in my original post. Please see my original post below, but it was some other user that piped in about having a 15 meg pipe. I do appreciate all replies. Thank You Original Post I have snort setup on my openbsd firewall with 3 interfaces 2 intel interface 1 3com interface All are pci on 100mbit switches K62 300 128 meg of mem I figured this machine should be strong enough to simply handle a cable connection but I am dropping packets Snort analyzed 19376 out of 20072 packets, dropping 696(3.468%) packets I am running barnyard logging to a mysql database and using acid but all that is setup on a totally different machine. Any ideas where I can start looking to try and correct this, basically running with the default config except for changing the home_net. I want to see if I can figure this out then I will start tunning. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Paul Schmehl Sent: Monday, October 27, 2003 8:45 PM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] Dropping packets why? --On Monday, October 27, 2003 6:50 PM -0500 Elijah Savage <esavage () digitalrage org> wrote:
Thank you all for reading my post but it seems you all did not read it and looked at my measly hardware and wanted to jump all over it. But this is for a cable internet connection 3megabitsDown/512up This
machine
should be way more than enough to keep up considering some of the hardware I have seen on some of the connections they are using. It has to be a config problem.
Well it certainly wouldn't hurt to be a little more accurate in your description of the problem. Above you tell us you have a 3MBps down connection whereas in your first post you said you had "a 15mb pipe to the Interne". That's five times the pipe you now claim to have. Makes it a bit tough for the average, non-ESP, reader to diagnose. I guess my first question would be, IIRC, SMP is still bleeding edge in FreeBSD, is it not? I suspect your problem is related to the kernel that you've built, but without more info it's really hard to say. You might try tweaking some of the kern. parameters. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Dropping packets why?, (continued)
- Re: Dropping packets why? Edin Dizdarevic (Oct 27)
- RE: Dropping packets why? O'Flynn, Derek (Oct 27)
- Re: Dropping packets why? Michael Sierchio (Oct 27)
- copious (snort_decoder) WARNING: Not IPv4 datagram! Ernie Lim (Oct 27)
- RE: copious (snort_decoder) WARNING: Not IPv4 datagram! Ernie Lim (Oct 27)
- Re: copious (snort_decoder) WARNING: Not IPv4 datagram! Geoff (Oct 27)
- Re: Dropping packets why? Michael Sierchio (Oct 27)
- Message not available
- RE: Dropping packets why? Matt Kettler (Oct 27)