[Snort-devel] snort summary

Burak DAYIOGLU dayioglu at ...287...
Sat Apr 6 10:14:02 EST 2002


Hello,
I have overloaded a Snort sensor with more traffic than it can handle, and the output is below.
What I cannot understand is the protocol breakdown. The total number of packets in the breakdown is far less than the number Snort has analyzed (1500939). Similarly, the percentages, when summed, do not make up 100%. Any ideas or comments?

-----
Snort analyzed 1500939 out of 2751180 packets, dropping 1250241(45.444%) packets

Breakdown by protocol:                Action Stats:
    TCP: 216270     (7.861%)          ALERTS: 210      
    UDP: 6636       (0.241%)          LOGGED: 204      
   ICMP: 132        (0.005%)          PASSED: 0        
    ARP: 12639      (0.459%)
   IPv6: 0          (0.000%)
    IPX: 2          (0.000%)
  OTHER: 15019      (0.546%)
DISCARD: 0          (0.000%)
-----

Regards.

-- 
Burak DAYIOGLU
Phone: +90 312 2103379      Fax: +90 312 2103333
http://www.dayioglu.net        ICQ UIN: 72276975





