Snort mailing list archives

Re: snort problems


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Wed, 22 Jun 2016 13:17:41 +0000

Hello,

Can you clarify “we are using snort to transmit two types of packets”? (Do you mean you are running snort inline? If so, how are you running/starting snort? Are you using afpacket, pfring, netmap, etc.?)

Also “more than 70% of traffic being dropped between snort and internet” (Do you see snort dropping the traffic in the 
exit stats? Are you sure the traffic in question is making it to snort?)

Thanks.

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com


From: BOCAL CALBO <meschoses () yahoo fr>
Reply-To: BOCAL CALBO <meschoses () yahoo fr>
Date: Wednesday, June 22, 2016 at 8:52 AM
To: 'snort-users' <snort-users () lists sourceforge net>
Subject: [Snort-users] snort problems

Hello,


We have been using snort in an IDS for a while now, and we are facing a problem with packets that are dropped.

In a few words, we are using snort to transmit two types of packets, the SIP one and the UDP one. Observing the server when working, all our SIP packets passed well through snort to the next server, but more than 70% of our UDP packets are dropped between the internet network and snort.

We will be thankful to hear from you what is happening. For that we have attached our sostat and netstat -i output.

Thank you in advance.

Gilles & Maurizio.