[Snort-users] Linux packet loss statistics?
cliff at ...1366...
Thu Apr 5 18:01:18 EDT 2001
i think u can test the packetloss for yourself.
i am not familiar with netperf, but u need a tool
which will put a quantifiable number of packets
on the wire. if netperf won't do it, nmap or a perl
program certainly will. use tcpdump -c or snort to
count the number of packets actually received.
this should give u your true loss ratio.
___cliff rayman___cliff at ...1367...://www.genwax.com/
Mike Johnson wrote:
> I've got three identical systems. All are pretty good
> hardware and use the Intel eepro100 card (well, the
> onboard version). I've got all three plugged into an
> HP ProCurve switch with one port set up as a monitoring
> port. One of the deciding factors in the whole thing
> has been that OpenBSD has a better reputation when
> it comes to packet capture. There are other reasons
> that I'm considering Linux, so I wanted to see if
> Linux has made any improvements in the packet capture
> So, I run HP's netperf between two of the boxes, and then
> sit back and snort on the third. I limit the test to
> 1000000 packets so I don't fill my disks, because
> netperf pushes around 92Mbps between the other two
> My snort command line:
> snort -de -i fxp1 -l . -n 1000000
> According to the packet loss statistics, OpenBSD is
> dropping packets. Anywhere from half a percent to
> sixty (yes, 60) percent.
> For the moment, I'm not to worried about that. What
> bothers me is that according to the statistics for
> Linux, it's dropping -no- packets. That's right,
> zero percent. Buh?
> So, what's the deal with the packetloss stats for
> Linux? Are they on the level?
More information about the Snort-users