[Snort-users] Libpcap packet statistics
larosa_vjay at ...3331...
Tue Jun 3 09:29:08 EDT 2003
I remember a while back there was a problem with Linux and snort reporting
bogus packet statistics (Specifically packet drops). I believe that this
problem had something to do with the Linux kernel (2.2?). I am running
Redhat 9 (Stock Kernel 2.4.20-8smp) now, and the reason I ask is because
when I upgraded my version of snort from 1.9.1 to 2.0 I completely
reinstalled my box from scratch, then I installed Libpcap 0.4 (Not the
Redhat modified Libpcap) and snort 2.0. The amazing thing is that the packet
drop rate went from 30-75% with snort 1.9.1 (800MB Per Second GigE Segment)
to 0% packet drop rate using snort 2.0. I am running on a Dell 2650 with
1.8GHZ processors using an Alteon Acenic Gigabit Ethernet adaptor. Either
Snort 2.0 is amazingly fast now, or libpcap is not telling me the correct
stats. Hopefully it is the first one!
V.Jay LaRosa EMC Corporation
Information Security 4400 Computer Dr.
(508)898-7433 Office Westboro, MA 01580
(508)353-1348 Cell www.emc.com <http://www.emc.com>
888-799-9750 Pager vjl at ...3331...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users