[Snort-users] Libpcap packet statistics

larosa, vjay larosa_vjay at ...3331...
Tue Jun 3 09:29:08 EDT 2003


Hello,
 
I remember a while back there was a problem with Linux and snort reporting
bogus packet statistics (Specifically packet drops). I believe that this
problem had something to do with the Linux kernel (2.2?). I am running
Redhat 9 (Stock Kernel 2.4.20-8smp) now, and the reason I ask is because
when I upgraded my version of snort from 1.9.1 to 2.0 I completely
reinstalled my box from scratch, then I installed Libpcap 0.4 (Not the
Redhat modified Libpcap) and snort 2.0. The amazing thing is that the packet
drop rate went from 30-75% with snort 1.9.1 (800MB Per Second GigE Segment)
to 0% packet drop rate using snort 2.0. I am running on a Dell 2650 with
1.8GHZ processors using an Alteon Acenic Gigabit Ethernet adaptor. Either
Snort 2.0 is amazingly fast now, or libpcap is not telling me the correct
stats. Hopefully it is the first one!
 
Thanks!
 
vjl
 
V.Jay LaRosa                   EMC Corporation
Information Security          4400 Computer Dr.
(508)898-7433 Office       Westboro, MA 01580
(508)353-1348 Cell           www.emc.com <http://www.emc.com> 
888-799-9750 Pager         vjl at ...3331...
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030603/7bff0d8c/attachment.html>


More information about the Snort-users mailing list