[Snort-users] Help needed: Performance Check & Traffic Capture
cpw at ...440...
Tue Jan 1 19:51:03 EST 2002
On Tue, Jan 01, 2002 at 04:55:06PM -0800, Erek Adams wrote:
> On Tue, 1 Jan 2002, David Lambert wrote:
> > Thanks for the pointer to this. Unfortunately when I tried this it gave me
> > the following results. Any idea why the crazy first line? Everything else
> > seems to work fine.
> None. That's an odd one. What OS, Version/Build of Snort and hardware are
> you running this on? Linux based?
> > ===============================================================================
> > Snort analyzed -235601920 out of 16777216 packets, dropping
> > 252379136(1504.297%) packets
> If it's Linux based, check the archives from the snort-dev list at
> http://marc.theaimsgroup.com/ for some patches provided by Phil Wood
> <cpw at ...440...> to make libpcap + Linux 2.4(?) play nice.
Hi, the pcap library is fixed at tcpdump.org. Pull down the current
It has the fix to pcap_stats. It does not have the "turbo" patches
which use a ring buffer. I have that in a different tarball which
I'm still not 100% sure about. If you get the above working and
would like to try something even more bizarre, drop me an email.
Phil (cpw at ...440...)
> Anyone else?
> Erek Adams
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users