[Snort-devel] Query about the performance

Gaurav Suryagandh gaurav.suryagandh at ...3182...
Thu Jun 9 03:59:15 EDT 2011


Basically with a fairly good quality of hardware ( 96GB RAM and couple 
of multi-core processors)

will i be able to capture at line rate of 10Gbps with finite number of 
rules around (64- spanning across, L2, L3 and application)?

Thanks,
Gaurav

On 06/08/2011 08:58 PM, Steven Sturges wrote:
> I'm not entirely sure of what you are trying to do, so it is tough
> to answer specifically.
>
> The capture rate is affected by a number of factors -- speed of
> the hardware, drivers, kernel, DAQ module being used, etc.
>
> Beyond the above, the performance of Snort itself is also affected
> by the number of rules, memory settings, etc.
>
> Snort is definitely capable of looking at packets in the context of
> other packets in the flow leveraging Stream and/or flowbits.
>
> On 6/8/11 5:54 AM, Gaurav Suryagandh wrote:
>> Hi All,
>>
>> I am trying to incorporate snort in my application for packet filtering.
>>
>> I have two questions regarding the same.
>>
>> 1) how much is snort's packet capture rate ?
>>
>> 2) Can we filter packets based on flow ?
>>
>> Thanks,
>> Gaurav
>>
>> ------------------------------------------------------------------------------ 
>>
>> EditLive Enterprise is the world's most technically advanced content
>> authoring tool. Experience the power of Track Changes, Inline Image
>> Editing and ensure content is compliant with Accessibility Checking.
>> http://p.sf.net/sfu/ephox-dev2dev
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>





More information about the Snort-devel mailing list