[Snort-users] Help needed: Performance Check & Traffic Capture

Phil Wood cpw at ...440...
Tue Jan 1 19:51:03 EST 2002


On Tue, Jan 01, 2002 at 04:55:06PM -0800, Erek Adams wrote:
> On Tue, 1 Jan 2002, David Lambert wrote:
> 
> > Thanks for the pointer to this. Unfortunately when I tried this it gave me
> > the following results. Any idea why the crazy first line? Everything else
> > seems to work fine.
> 
> None.  That's an odd one.  What OS, Version/Build of Snort and hardware are
> you running this on?   Linux based?
> 
> > ===============================================================================
> > Snort analyzed -235601920 out of 16777216 packets, dropping
> > 252379136(1504.297%) packets
> 
> [...snip...]
> 
> If it's Linux based, check the archives from the snort-dev list at
> http://marc.theaimsgroup.com/ for some patches provided by Phil Wood
> <cpw at ...440...> to make libpcap + Linux 2.4(?) play nice.

Hi, the pcap library is fixed at tcpdump.org.  Pull down the current
library:

  http://www.tcpdump.org:80/daily/libpcap-current.tar.gz

It has the fix to pcap_stats.  It does not have the "turbo" patches
which use a ring buffer.  I have that in a different tarball which
I'm still not 100% sure about.  If you get the above working and
would like to try something even more bizarre, drop me an email.

Phil (cpw at ...440...)

> 
> Anyone else?
> 
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net

-- 
Phil Wood, cpw at ...440...




