[Snort-users] SNORT DROPPING PACKETS

Crow, Owen Owen_Crow at ...2639...
Thu Jan 3 13:51:04 EST 2002


> -----Original Message-----
> From: Phil Wood [mailto:cpw at ...440...]
> Sent: Wednesday, January 02, 2002 6:35 PM

[snip]

> Well, if /usr/include/linux/if_packet.h has PACKET_STATISTICS and you
> have chosen the correct options when building the kernel, you 
> might get
> the attached patch to work.
> 
> Let me know how it goes.

I removed the daily version of libpcap and removed the compile directory so
snort would not use it.

I unpacked a fresh copy of libpcap-0.6.2 and applied your patch with "patch
-p1 < libpcap-0.6.2-patch".  Configured, compiled and installed.

Then I went to my snort-1.8.3 directory, "make distclean", "./configure",
"make", "make install" and reran as before.

It still resets the stats at every SIGUSR1, but I can live with that.  Maybe
this should go in the FAQ (along with an entry telling everyone about
SIGUSR1 in the first place).

I'm going to hook up both sensors side-by-side on a hub and see how they
compare.  Results to follow under a new subject.

Thanks again for all your help,
Owen




More information about the Snort-users mailing list