[Snort-users] A Query about dropped packets

Phil Wood cpw at ...440...
Fri Sep 21 21:14:02 EDT 2001


On Thu, Sep 20, 2001 at 10:50:28PM -0400, Ashley Thomas wrote:
> Hi all,
> 
> I am running Snort on openBSD 2.9.
> I keep getting packets and when i terminate it gives some statistics
> which include
> 
> "Snort analyzed 1716 out of 2979 packets, dropping 1263(42.397%)
> packets"
I bet you have turned on name lookup?  You should never see dropped packets
like that with only 2979 packets.  
> 
> Does this mean snort is dropping packets or does it mean that Snort
> analysed only 1716 ?

It means that snort only saw 1716 of the 2979 packets that drifted by
your sensor.  The kernel droped 1263, presumably because snort never 
got back in time to lift them into user space.
> In the latter case what is the filter used to filter 1716 out of 2979
> packets and drop the rest ?
> 
> Is this because there is something wrong in the configuration ?
> 
> Any pointers is welcome.
> 
> thanks a lot
> Ashley
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw at ...440...





More information about the Snort-users mailing list