[Snort-users] Bandwidth Information

Spitzer, Nathan Nathan.Spitzer at ...5841...
Wed May 29 11:43:03 EDT 2002

If you have a large HD, log the packets in binary to a file on that HD,
record start time, wait till HD fills up (or file reaches some arbitrary
size), record stop time. Now I'm not an expert, but the binary log I would
think should be pretty close to the actual packet size on the wire, so if
you do size/time you should get a good idea.

Nathan Spitzer

-----Original Message-----
From: Cooper Arthur B Contr WCOM
To: snort-users at lists.sourceforge.net
Sent: 5/29/02 2:09 PM
Subject: [Snort-users] Bandwidth Information

Hello All,

	Does anyone know of an "add-on" or PERL script that can do some
"ciphering" for me and tell me what percentage of my bandwidth is
alerts with SNORT?  I have a snort server set-up on a SPANNED 100
MBS/Full-Duplex port that feeds the internal LAN of a large US Military
installation.  I absolutely LOVE SNORT, but now that I see all of the
stuff being thrown at us via the Net, I was wondering if there was a way
show what percentage of our bandwidth is literally being wasted by the
amount of cmd.exe, code red, SQL Worm 1433 stuff etc. etc. that is
coming in
here and "banging" my firewalls.  THANKS!!

Arthur B. Cooper Jr  "COOP"
Network Technical Lead
Schriever AFB - Colorado Springs, Colorado
Email: art.cooper at ...5906...


Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list