[Snort-devel] Randomness in Snort engine
hyunseok at ...1117...
Thu Sep 11 12:33:36 EDT 2014
I have one question about Snort.
I was running Snort in offline mode by feeding a tcpdump packet trace to it.
I expected that Snort analysis result would be identical when I re-run
Snort multiple times with the same packet trace.
However, I noticed that the the total packets processed is slightly
different across different runs, which affects other analysis results.
result.0: Total packets processed: 230718
result.1: Total packets processed: 230720
result.2: Total packets processed: 230722
result.3: Total packets processed: 230721
Do you guys have any idea where this slight randomness comes from in Snort?
I'm using the default snort configuration with default rule sets.
This question might be user-oriented, but I thought developers may have a
better idea on the root cause.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel