[Snort-devel] Performance results over snort 2.6.x

j y8k0vt3p at ...398...
Sat Jan 20 16:09:01 EST 2007


Hi Rmkml,
What snort config did you use for testing?
Did you have TCP reassembly enabled for to/from server?
Did you enable full scanning of the payload?
Did the packets in the pcap file create a TCP connection?
Thanks
- Jack
----------------------------------------------------------------------

Message: 1
Date: Sat, 13 Jan 2007 22:35:52 +0100 (CET)
From: rmkml <rmkml at ...879...>
Subject: Re: [Snort-devel] Performance results over snort 2.6.x ?
To: Snort-devel at lists.sourceforge.net
Cc: Marc Norton <mnorton at ...402...>
Message-ID: <Pine.LNX.4.64.0701132201030.1308 at ...2772...>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

Thanks for the reply, Marc.
I have run a small benchmark:

v2612 default uses 303 MB of memory and runs for ~1m2s with 57308 alerts

v2612 with ac-bnfa uses 72 MB of memory and runs for ~46s with 57308 alerts

v2612 with lowmem uses 75 MB of memory and runs for ~50s with 57308 alerts

v245 default uses 105 MB of memory and runs for ~3 minutes 14s with 57142 alerts

The pcap file size is ~800 MB; all snort versions use 100% CPU.
I repeated all tests 10 times on the same host!

Results: snort v2.6.1.2 with the ac-bnfa algo is the best!!! (less memory and faster!)

Best Regards
Rmkml


 