[Snort-devel] Tcpdump Packet loss
Storms of Perfection
ancient at ...459...
Sun Jun 10 07:58:23 EDT 2001
Have you checked to see if you have any firewall rules installed/active?
At 03:21 AM 6/9/2001, Subba Rao wrote:
>I am running OpenBSD 2.8. The system has Tcpdump version 3.4.0 along with
>libpcap version 0.5
>After running tcpdump for a while on an active network (Linux, OpenBSD and
>I interrupted and saw the following output at the end,
> 83190 packets received by filter
> 81285 packets dropped by kernel
>Why are the packets being dropped by the kernel? The ethernet adapter is from
>3Com. I was told that OpenBSD NE2000 driver drop packets. The 3Com adapter
>works great. Does this mean that I cannot analyze all the traffic on the
>The final goal is to use Snort on this box. Several people, including
>Martin Roesch, recommend using OpenBSD as the platform for Snort. If packets
>are getting dropped, then I am concerned that Snort may miss some attacks in
>the dropped packets.
>Any information is appreciated.
>subba9 at ...243...
>GPG public key ID 27FC9217
>Key fingerprint = 2B4C 498E 1860 5A2B 6570 5852 7527 882A 27FC 9217
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net
More information about the Snort-devel