[Snort-users] BPF size on OpenBSD and multiple NICs

Subba Rao subba9 at ...530...
Sat Jun 9 07:58:30 EDT 2001


What should be the limit of OpenBSD's BPF for running Snort effectively? I would
like to use one OpenBSD box with a 4-port NIC. Using TCPDUMP, I see quite a few
packets getting dropped (sometimes it is as much as 50%). Since Snort is the
other sniffer, this will be used for IDS. Does Snort drop packets as much as
TCPDUMP does?



More information about the Snort-users mailing list