[Snort-users] Network Card and promiscuous mode

Dragos Ruiu dr at ...381...
Sat Jan 27 13:33:31 EST 2001

On Sat, 27 Jan 2001, you wrote:
> On Fri, Jan 26, 2001 at 10:27:37PM -0500, Martin Roesch wrote:
> > Hi Trevor,
> >      If you're running on windows, you're going to need to get winpcap. 
> > There's a link to it at Mike Davis' page
> > (http://www.datanerds.net/~mike).
> >      As for a *NIX variant to run, Linux is fine if you're comfortable
> > with it, I hear that the performance of the 2.4 kernel is pretty good
> > these days.  I personally prefer the BSD operating systems (specifically
> I heard that Winpcap performance on wintels is even better .. these days ;-P

Well, the consensus on that thread was that if you patch FreeBSD
to increase buffer sizes and then do similarly to libpcap then that might not
be accurate. As soon as I test out some new stuff on OpenBSD too I'm 
gonna try to regenerate those tests...  I want to see this with my own eyes....

(I hope Mr. Degioanni will pardon my general predisposition to disbelief on
this... It's not meant to reflect on his code, it's just influenced by the
stellar track record of NDIS I've seen so far. :-)

And also, my subjective impression (which will also soon be backed up
by a set of numbers hopefully) is that the Linux turbo packet capture stuff is
even faster these days.  Been thinking about needing snort wired to that too 
if/when I get to some gigabit stuff....

Some wild ass guess tells me that all those perf rankings are about to get
shuffled just in time to deal with the new motherboards that will be able to
do gigabit reliably with 64bit/66mhz PCI.... :-)


Dragos Ruiu <dr at ...50...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
CanSecWest/core01: March 28-30, Vancouver B.C.  ------------^
Speakers: Renaud Deraison/Nessus Attack Scanner, Martin Roesch/Snort/Advanced IDS,
  Ron Gula/Enterasys/IDS Evasion, Dug Song/Arbor Networks/Monkey in the Middle,
  RFP/Whisker2.0 and other fun, Mixter/2XS/Distributed Apps, Theo DeRaadt/OpenBSD,
  K2/w00w00/ADMutate, HD Moore/Digital Defense/Making NT Bleed, Frank Heidt/@Stake, 
  Matthew Franz/Cisco/Trinux/Security Models, Fyodor/insecure.org/Network Mapping,
  Lance Spitzner/Sun/Honeynet Fun, Robert Graham/NetworkICE/IDS Technology Demo,
  Kurt Seifried/SecurityPortal/Crypto: 2-Edged Sword, Dave Dittrich/UW/Forensics,   
  Sebastien Lacoste-Seris & Nicolas Fischbach/COLT Telecom/Securite.Org/Kerberized
  SSH Deployment, Jay Beale/MandrakeSoft/Bastille-Linux/Securing Linux
