[Snort-devel] Tcpdump Packet loss

Subba Rao subba9 at ...243...
Sat Jun 9 03:21:11 EDT 2001


Hi

I am running OpenBSD 2.8. The system has Tcpdump version 3.4.0 along with
libpcap version 0.5

After running tcpdump for a while on an active network (Linux, OpenBSD and NT),
I interrupted and saw the following output at the end,

	83190 packets received by filter
	81285 packets dropped by kernel

Why are the packets being dropped by the kernel? The ethernet adapter is from
3Com. I was told that OpenBSD NE2000 driver drop packets. The 3Com adapter
works great. Does this mean that I cannot analyze all the traffic on the
network?

The final goal is to use Snort on this box. Several people, including
Martin Roesch, recommend using OpenBSD as the platform for Snort. If packets
are getting dropped, then I am concerned that Snort may miss some attacks in
the dropped packets.
 
Any information is appreciated.

TIA.
-- 

Subba Rao
subba9 at ...243...
http://members.home.net/subba9/

GPG public key ID 27FC9217
Key fingerprint = 2B4C 498E 1860 5A2B 6570  5852 7527 882A 27FC 9217




More information about the Snort-devel mailing list