Snort mailing list archives
Re: dropping packets
From: hchlai () netscape net (Hugo)
Date: Thu, 27 Jan 2005 16:44:06 -0500
It seems like I'm on a high traffic volume network and will probably need tp upgrade my libpcap to mmap, unfortunately, I haven't got much success. I don't understand how to get Snort to use the new libpcap. Any pointers would be appreciated. I wonder how the sourcefire products solve this problem? Hugo Martin Roesch <roesch () sourcefire com> wrote:
Hi Hugo, Try getting rid of the -v option when you're running Snort, that may be draining some performance and since you're in daemon mode. What's the platform/specs of the box you're running Snort on? -Marty On Jan 26, 2005, at 12:32 PM, Hugo wrote:I have realized that Snort has been dropping packets even I'm running it inconjuction with Barnyard. Does anybody know what causes Snort to drop packets? I'm running Barnyard with these options: barnyard -c -d -g -f -s -n -w -a and Snort with the following: snort -c -i -g -Dv I'm recording about 1%-2% of packets being dropped by Snort... sometimes as high as 6%. Many thanks! Hugo __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Discover. Determine. Defend. roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org
__________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- dropping packets Hugo (Jan 26)
- Re: dropping packets Martin Roesch (Jan 28)
- <Possible follow-ups>
- RE: dropping packets Basselgia, Barry A Mr (NAF Atsugi) (Jan 26)
- Re: dropping packets Hugo (Jan 27)
- Re: dropping packets Hugo (Jan 27)
- Re: dropping packets Lawrence Reed (Jan 27)
- Re: dropping packets Alex Butcher, ISC/ISYS (Jan 31)