[Snort-users] Snort as Gigabit Sensor

Marc Quibell mquibell at ...7759...
Thu Jul 24 13:22:25 EDT 2003


Hey Robert,
How do you know not you're ALWAYS getting 40% packet loss? Maybe you have a bad
cable/port?

Cheers!
Q

--From: Banniza Robert <Robert.Banniza at ...9244...>
--To: "'snort-users at lists.sourceforge.net'"
--    <snort-users at lists.sourceforge.net>
--Date: Thu, 24 Jul 2003 13:43:39 -0500
--Subject: [Snort-users] Snort as Gigabit Sensor

--Anyone have any good pointers on tuning Linux (Redhat 9) as a gigabit
--sensor? Currently, we are using a Broadcom Corporation NetXtreme BCM5703
--Gigabit Ethernet (TG3 kernel module) Netgear card as the sniffing card. We
--have set up a span port so that we can see all traffic on a Cisco 6509. The
--sad thing is we are encountering 40% packet loss. The network interfaces
--were statically compiled into the kernel and /etc/sysctl.conf was modified
--with the following to provide larger buffers:

<snip>
--Thanks
--Robert






More information about the Snort-users mailing list