[Snort-users] Linux packet loss statistics?

___cliff rayman___ cliff at ...1366...
Thu Apr 5 18:01:18 EDT 2001


i think u can test the packetloss for yourself.

i am not familiar with netperf, but u need a tool
which will put a quantifiable number of packets
on the wire.  if netperf won't do it, nmap or a perl
program certainly will. use tcpdump -c or snort to
count the number of packets actually received.
this should give u your true loss ratio.


--
___cliff rayman___cliff at ...1367...://www.genwax.com/

Mike Johnson wrote:

> ----snipage----
>
> I've got three identical systems.  All are pretty good
> hardware and use the Intel eepro100 card (well, the
> onboard version).  I've got all three plugged into an
> HP ProCurve switch with one port set up as a monitoring
> port.  One of the deciding factors in the whole thing
> has been that OpenBSD has a better reputation when
> it comes to packet capture.  There are other reasons
> that I'm considering Linux, so I wanted to see if
> Linux has made any improvements in the packet capture
> area.
>
> So, I run HP's netperf between two of the boxes, and then
> sit back and snort on the third.  I limit the test to
> 1000000 packets so I don't fill my disks, because
> netperf pushes around 92Mbps between the other two
> boxes.
>
> My snort command line:
> snort -de -i fxp1 -l . -n 1000000
>
> According to the packet loss statistics, OpenBSD is
> dropping packets.  Anywhere from half a percent to
> sixty (yes, 60) percent.
>
> For the moment, I'm not to worried about that.  What
> bothers me is that according to the statistics for
> Linux, it's dropping -no- packets.  That's right,
> zero percent.  Buh?
>
> So, what's the deal with the packetloss stats for
> Linux?  Are they on the level?
>
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list