[Snort-users] Packet loss statistics

David Lambert dlambert at ...4245...
Mon Feb 4 07:38:10 EST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 04 February 2002 08:27 am, Patrice.Arnal at ...4604... wrote:

I use "killall snort -USR1"
Extract from snort manpage:
       SIGUSR1
              Causes the program to dump its current packet statistical 
information to the cosole or syslogd(8) if in daemon mode.

This gives a report as follows:

Feb  4 09:36:12 demo snort:   
===============================================================================
Feb  4 09:36:12 demo snort: Snort analyzed 1957352 out of 1957352 packets,
Feb  4 09:36:12 demo snort: dropping 0(0.000%) packets
Feb  4 09:36:12 demo snort: Breakdown by protocol:                Action 
Stats:
Feb  4 09:36:12 demo snort:     TCP: 1605157    (82.007%)         ALERTS: 155
Feb  4 09:36:12 demo snort:     UDP: 200926     (10.265%)         LOGGED: 155
Feb  4 09:36:12 demo snort:    ICMP: 139305     (7.117%)          PASSED: 0
Feb  4 09:36:12 demo snort:     ARP: 11964      (0.611%)
Feb  4 09:36:12 demo snort:    IPv6: 0          (0.000%)
Feb  4 09:36:12 demo snort:     IPX: 0          (0.000%)
Feb  4 09:36:12 demo snort:   OTHER: 0          (0.000%)
Feb  4 09:36:12 demo snort: DISCARD: 0          (0.000%)
Feb  4 09:36:12 demo snort: 
===============================================================================
Feb  4 09:36:12 demo snort: Fragmentation Stats:
Feb  4 09:36:12 demo snort: Fragmented IP Packets: 0          (0.000%)
Feb  4 09:36:12 demo snort:     Fragment Trackers: 0
Feb  4 09:36:12 demo snort:    Rebuilt IP Packets: 0
Feb  4 09:36:12 demo snort:    Frag elements used: 0
Feb  4 09:36:12 demo snort: Discarded(incomplete): 0
Feb  4 09:36:12 demo snort:    Discarded(timeout): 0
Feb  4 09:36:12 demo snort:   Frag2 memory faults: 0
Feb  4 09:36:12 demo snort: 
===============================================================================
Feb  4 09:36:12 demo snort: TCP Stream Reassembly Stats:
Feb  4 09:36:12 demo snort:         TCP Packets Used: 1605120    (82.005%)
Feb  4 09:36:12 demo snort:          Stream Trackers: 65023
Feb  4 09:36:12 demo snort:           Stream flushes: 12867
Feb  4 09:36:12 demo snort:            Segments used: 18350
Feb  4 09:36:12 demo snort:    Stream4 Memory Faults: 0

> Hello
>
> I read about snort performances on various machines.
> Some are speaking of 1 to 10% packet missed by snort but they don't say
> where this figure comes from.
>
> I want to get an idea of packet loss on my system : a Solaris 5.8 sparc
> Ultra5
>
> What command must I issue to have a rough figure of packets missed by
> snort ?
>
> Thanks
>
> Patrice ARNAL
> ALCANET France
> Site d'ILLKIRCH
> 1 Route du Dr Albert SCHWEITZER
> 67408 ILLKIRCH CEDEX
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8XqrNY/DxgpN5vvMRAt0iAJ9JuTMM4/uYVFNbrv0Cs9ziTBR80wCgtEht
UvHg1PD+kEizVApnYdK67cM=
=5kJV
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list