[Snort-users] packet capture/loss statistics
cpw at ...440...
Mon Mar 12 19:16:58 EST 2001
I think there is a problem calculating the percent of dropped packets on
First, ps_recv is incremented every time a packet is received by
the user application. Second, this value plus ps_drop which is supplied by
the linux kernel via:
(getsockopt(p->fd, SOL_PACKET, PACKET_STATISTICS, (void*)&tps, &olen) == 0)
is roughly equal to the number of packets received by the kernel. There is
actually another value ps_ifdrop which is equal to the kernel
(tp_packets - (ps_recv + tp_drops)).
Consequently, I modified the call to CalcPct to look like so:
CalcPct(drop, recv + drop);
This may only be true for linux.
More information about the Snort-users