Snort mailing list archives
Re: Snort 2.9.5 / PFRing
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 27 Aug 2013 09:12:22 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all On 26/08/2013 23:14, Welters, Jon (LARC-B703)[LITES] wrote:
I went ahead and ran the pfcount userland app on the interface snort is monitoring and it lists all of the packets as filtered. This has got to be connected to my problem, however I'm not sure where to start troubleshooting, can someone point me in the right direction? One other data point: /usr/local/src/PF_RING-5.6.0/userland/examples/pfcount -i eth4 ========================= Absolute Stats: [527277 pkts rcvd][527277 pkts filtered][0 pkts dropped] Total Pkts=527277/Dropped=0.0 % 527'277 pkts - 620'476'946 bytes [35'145.43 pkt/sec - 330.86 Mbit/sec] ========================= Actual Stats: 31722 pkts [1'000.19 ms][31'715.78 pps/0.30 Gbps] =========================
If pfcount isn't working properly then it's probably a good question to ask on the ntop-misc (i.e. PF_RING) mailing list - - problems often seem to fall between here and there. Are you running PF_RING in a specific transparent_mode and if you're running with 1/2 have you installed the PF_RING NIC driver? It's interesting to see people having problems - - I'm shortly going to go for this upgrade to replace 2.9.3.1 before EOL. - -- Peter Bates Senior Information Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSHF9mAAoJELhVoVpEMS6R7f0H/3kGOuaAmvSG8CXtD9G1JL5l nETWOdSfXyjmYh/vD5aKTSuow/5e7WL20FONaZJkK31CkAsXTdbRreN7/gyCjjxC XjzmMSg+xMbnH0OtNJOsuXWaNWmSvhcTAwEUwdiUypXdKgAgO/0P1KD4vIgP1GAB Em819K5J58n2AQh/EZHl1+xk5TqeqK+l/8wPHnlTgRVrp1sU2zLioitDOiKI0M6D bRpX+LC/oZeIShiET3vSvMZERubKi+/UFpmQT8WGVL1HGu88tNSetBM1kbk6vfND WfZR2q9UDusBxQCBhQP83e7Brm9JZWasdT5yCepdjM+8UQMkWQHXSOn798SbKhY= =TlVo -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort 2.9.5 / PFRing Welters, Jon (LARC-B703)[LITES] (Aug 05)
- Re: Snort 2.9.5 / PFRing Russ Combs (Aug 05)
- Re: Snort 2.9.5 / PFRing Welters, Jon (LARC-B703)[LITES] (Aug 26)
- Re: Snort 2.9.5 / PFRing Welters, Jon (LARC-B703)[LITES] (Aug 26)
- Re: Snort 2.9.5 / PFRing Peter Bates (Aug 27)
- Re: Snort 2.9.5 / PFRing Welters, Jon (LARC-B703)[LITES] (Aug 26)
- Re: Snort 2.9.5 / PFRing Russ Combs (Aug 05)