[Snort-devel] Performance results over snort 2.6.x

rmkml rmkml at ...879...
Sun Jan 21 06:43:27 EST 2007


Hi Jack,
My little bench is not a comparison of best snort perf, but only a quick comparison of snort 245 and snort 2612 perf on the same pcap file.
My snort conf is default (reass clt, not srv side, and added http preproc flow_depth 0).
TCP Stream Reassembly Stats:
     TCP Packets Used: 2371470    (95.446%)
     Stream Trackers: 7005
     Stream flushes: 4319
     Segments used: 8641
     Segments Queued: 8721
     Stream4 Memory Faults: 0
  Snort processed 2484611 packets.
My pcap file is mixed udp/tcp/ipproto REAL live traffic.
If you have a snort26 bench, you are welcome!
Regards
Rmkml


On Sat, 20 Jan 2007, j wrote:

> Date: Sat, 20 Jan 2007 13:09:01 -0800 (PST)
> From: j <y8k0vt3p at ...398...>
> To: snort-devel at lists.sourceforge.net
> Subject: [Snort-devel] Performance results over snort 2.6.x
> 
> Hi Rmkml,
> What snort config did you use for testing?
> Did you have TCP reassembly enabled for to/from server?
> Did you enable full scanning of payload?
> Did the packets in the pcap file create a TCP connection?
> Thanks
> - Jack
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 13 Jan 2007 22:35:52 +0100 (CET)
> From: rmkml <rmkml at ...879...>
> Subject: Re: [Snort-devel] Performance results over snort 2.6.x ?
> To: Snort-devel at lists.sourceforge.net
> Cc: Marc Norton <mnorton at ...402...>
> Message-ID: <Pine.LNX.4.64.0701132201030.1308 at ...2772...>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> thx for reply Marc,
> I have run a little benchmark:
>
> v2612 default uses 303Mo memory and runs for ~1m2s, with 57308 alerts
>
> v2612 with ac-bnfa uses 72Mo memory and runs for ~46s, with 57308 alerts
>
> v2612 with lowmem uses 75Mo memory and runs for ~50s, with 57308 alerts
>
> v245 default uses 105Mo of memory and runs for ~3 minutes 14s, with 57142 alerts
>
> pcap file size is ~800Mo; all snort versions use 100% cpu.
> I have repeated all tests 10 times on the same host!
>
> results: snort v2.6.1.2 with the ac-bnfa algo is the best!!! (less memory and faster!)
