[Snort-users] Snort Packet Stats

Matt Jonkman matt at ...4024...
Thu Jan 10 16:37:02 EST 2002


This is an unusually high percentage. Normally we're running at 0% dropped.

These stats are coming from an overwhelmed dev box running 2 instances of
snort before I ran a third instance for a few seconds for the sample stats,
AND it's seeing a high traffic volume, AND running an overworked mysql db.

Bad choice of stats, definitely not representative of snort. :)

Matt


----- Original Message -----
From: "Ashley Thomas" <athomas at ...3539...>
To: "Matt Jonkman" <matt at ...4024...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, January 10, 2002 3:53 PM
Subject: Re: [Snort-users] Snort Packet Stats


> It is slightly out of sync but may I ask you this.
> From the stats that you've attached Snort seems to be dropping a lot
> of packets?
> Is the traffic volume very high?
>
> Or is it something that I've overlooked?
>
> thanks
> ashley
>
>
>
> On Thu, 10 Jan 2002, Matt Jonkman wrote:
>
> > We're working on our own homegrown snort back-end and want to really
> > concentrate on having detailed live and trending stats for each sensor.
> >
> > Is there a way to get the stats that snort dumps when you ^C a non-daemon
> > instance when you are running as a daemon? If not is there another source of
> > the running stats we can grab and trend?
> >
> > Thanks
> >
> > Matt
> >
> >
> >
> >
> > I.E these stats:
> >
> >
> > ===============================================================================
> > Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets
> >
> > Breakdown by protocol:                Action Stats:
> >     TCP: 2494       (41.332%)         ALERTS: 0
> >     UDP: 108        (1.790%)          LOGGED: 0
> >    ICMP: 0          (0.000%)          PASSED: 0
> >     ARP: 0          (0.000%)
> >    IPv6: 0          (0.000%)
> >     IPX: 0          (0.000%)
> >   OTHER: 102        (1.690%)
> > DISCARD: 0          (0.000%)
> >
> > ===============================================================================
> > Fragmentation Stats:
> > Fragmented IP Packets: 0          (0.000%)
> >     Fragment Trackers: 0
> >    Rebuilt IP Packets: 0
> >    Frag elements used: 0
> > Discarded(incomplete): 0
> >    Discarded(timeout): 0
> >   Frag2 memory faults: 0
> >
> > ===============================================================================
> > TCP Stream Reassembly Stats:
> >         TCP Packets Used: 0          (0.000%)
> >          Stream Trackers: 0
> >           Stream flushes: 0
> >            Segments used: 0
> >    Stream4 Memory Faults: 0
> >
> > ===============================================================================
> > Snort received signal 2, exiting
> >
> >
>
