Snort mailing list archives
Output Plugin Delay, Latency, and PPM
From: Korodev <korodev () gmail com>
Date: Fri, 6 May 2011 10:54:37 -0500
Hey guys,

I'm pretty sure Jason B fwded this to the snort team, but I wanted to make sure it made it on the snort-devel list.

I'm currently running 2.9.0.5, with a custom output plugin, and only one rule loaded which alerts on any icmp packet. I ran the test below with config ppm: max-pkt-time 100 (microseconds)

tcpdump sees the packet on msk0 at 17:53:40.699582
tcpdump sees the packet on bridge0 at 17:53:40.699585
tcpdump sees the packet leave msk1 at 17:53:40.799122
Custom output plugin first sees the packet at 17:53:41.228636
Custom output plugin is done with all output operations on the packet at 17:53:41.228668

The 100 ms delay between entrance at msk0 and exit at msk1 is supposed to be there as I'm using dummynet to simulate latency. What I'm confused about is why it's taking ~470 milliseconds for the packet to reach my output plugin, even when I have config ppm set at 100 microseconds?

Any thoughts or other tests I should run?

\\korodev