[Snort-users] Snort drops packets!

Edin Dizdarevic edin.dizdarevic at ...7509...
Fri Jun 6 07:36:02 EDT 2003


Hi,

first of all, it would be interesting what you're running Snort on:
WinX or *NIX.

Your problem may have different causes. Since the statistics is OK,
(33250-32524) = 726, I suppose you're running Snort 2.0... right?

Try this list:

1. How many rules are active
2. How many preprocessors are active
2. Checksum mode active?
3. stream4 config - memcap, timeout
4. frag2 config - memcap, timeout on linux net.ipv4.ipfrag_time = 30
5. NIC used
6. libpcap used -> ring buffered one?

Hope could help...

Regards,

Edin


Vögeli Urs, voegeurs wrote:
> Hi
> 
> When i turn off snort, it makes the following statistic:
> 
> =================================================== Snort analyzed 
> 32524out of 33250packets, dropping 726(2.183%) packets 
> ===================================================
> 
> I have Intel P4 2.4Ghz, 1024Mb RAM, 100Mbit network interface
> 
> Network throughput max 20Mbps
> 
> My Question: is it normal that snort drops any packets, and why??
> 
> Thanks! voegeurs
> 
> Content Security by MailMarshal 
> N¬HY޵隊X¬²š'²ŠÞu¼„¶{¬™©
®ÊN‹Z•XžÁ8^më-¶Þi×^nè zº'¶©•©Þ´7¬Š 
> Þw­†Øky§]y» 
> ‚)à}æ­º·¬Ê‹¯zw¯z·ky©žv‡í¯$赩U‰ì:~·žjÜ0ÁëgºÇ(™)è®Û¬z»&j)bž 
> b²Ô§¢»n±êì–+-²Ê.­ÇŸ¢¸
?ëF¢Ú-†+D»hr§?ë¬zº)¶*'²ŠîžË›±Êâmèm¶›?þX¬¶Ë(º·
~Šàzw­þX¬¶ÏåŠËb?ú?²z+¶ë
®Ä§¢»n±êì–+-j·!Š÷¡¶Ú?ÿ
0?ê
­¬%z·(›úÞv*ì~˜iÞX¬´
¢»n±êì
> 
> 
-- 
Edin Dizdarevic





More information about the Snort-users mailing list