Snort mailing list archives

Re: Snort Optimizations


From: Y M <snort () outlook com>
Date: Fri, 13 Nov 2015 11:50:09 +0000


Comments inline.
________________________________________
From: Turnbough, Bradley E. <bturnbough () belcan com>
Sent: Thursday, November 12, 2015 4:41 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Optimizations

Hi All,

Does snort have the ability to use the latest / greatest GPU technology to help offload some of the traffic detection?

Not that I am aware of.

Other than being specifically compiled for PF_RING, are there any requirements of PF_RING?  I.e.  special hardware?

Other than PF_RING prerequisites and runtime options, I am not aware of specific requirements. Intel cards with 
PF_RING drivers can do a decent job. Most specialized hardware like network drivers usually come with their own 
sniffing drivers and libpcap/DAQ libraries. Other options than PF_RING are netmap which is baked into DAQ/Snort, and 
there is also Packet-Bricks which is still relatively experimental but seems promising. Your OS of choice also can 
add constraints. For example, PF_RING is not supported on *BSD systems.

Lastly, does snort need any additional flags during run time to be told to use any special CPU extensions?  For 
example: open vpn can utilize the AESNI extension to speed up traffic encryption / decryption, but only if 
specifically told to during run time.  Otherwise it doesn't use the AESNI extension.

Not aware (again) of such support but combined with PF_RING, you can set CPU Affinity/Pinning per Snort process to 
support load balanced packets/streams. In general, maintain a balance between fast CPUs and number of cores per CPU. 
Other optimizations include network driver optimizations, OS-level optimizations, and the greatest optimization of 
all is rules tuning.


 Hope this helps.


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!