[Snort-devel] Tcpdump Packet loss

Storms of Perfection ancient at ...459...
Sun Jun 10 07:58:23 EDT 2001


Have you checked to see if you have any firewall rules installed/active?

/ges

At 03:21 AM 6/9/2001, Subba Rao wrote:

>Hi
>
>I am running OpenBSD 2.8. The system has Tcpdump version 3.4.0 along with
>libpcap version 0.5.
>
>After running tcpdump for a while on an active network (Linux, OpenBSD and NT),
>I interrupted it and saw the following output at the end:
>
>         83190 packets received by filter
>         81285 packets dropped by kernel
>
>Why are the packets being dropped by the kernel? The ethernet adapter is from
>3Com. I was told that the OpenBSD NE2000 driver drops packets. The 3Com adapter
>works great. Does this mean that I cannot analyze all the traffic on the
>network?
>
>The final goal is to use Snort on this box. Several people, including
>Martin Roesch, recommend using OpenBSD as the platform for Snort. If packets
>are getting dropped, then I am concerned that Snort may miss some attacks in
>the dropped packets.
>
>Any information is appreciated.
>
>TIA.
>--
>
>Subba Rao
>subba9 at ...243...
>http://members.home.net/subba9/
>
>GPG public key ID 27FC9217
>Key fingerprint = 2B4C 498E 1860 5A2B 6570  5852 7527 882A 27FC 9217





