Snort mailing list archives
RE: Comparison of freebsd and linux [was: snort packet loss rate}
From: "Michael Scheidell" <scheidell () secnap net>
Date: Thu, 27 Apr 2006 19:42:25 -0400
Box F1 Box F2 Box L1 (Freebsd 5.2.1) (Freebsd 5.2.1) (Linux 2.6.9) drop:~80% ~80% ~80% After I made following changes on F1 and L1 on F1 1. enable device_polling 2. disable hyperthreading 3. disable smp and leave only 1 cpu 4. enlarge libpcap memory usage 5. downgrade libpcap.0.9.4 to 0.8.3 and change the source code on L1: 1. Install mmap libpcap The results are: Box F1 Box F2 Box L1 (Freebsd 5.2.1) (Freebsd 5.2.1) (Linux 2.6.9) drop:~80% ~80% ~50% With no rules and no preprocessors ,they are: Box F1 Box F2 Box L1 peak:0.1% 21% 0.05%
I am running (in several instances) FBSD 5.4, full snort, community AND bleeding edge rules and see typical only 5% packet drop. Maybe about 10% on 4.11 (4.11 didn't handle HTT as well as 5.4) Not sure why even tcpdump is losing packets on your end. ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Comparison of freebsd and linux [was: snort packet loss rate} Michael Scheidell (Apr 27)