[Snort-users] Improving overall performance of snort and stopping those drops

Edin Dizdarevic edin.dizdarevic at ...7509...
Wed Nov 5 03:46:04 EST 2003

Scott Zawalski schrieb:
> I am using snort to collect packets on a gig connection that gets on 
> average 1.3 tB/s.


> Any tips or tricks are greatly appreciated!
> Thank you,
> Scott

- Have you tried increasing the number of the ring buffer cells like

- I suppose your ruleset is already optimized

- Deactivate preprocessor frag2 if you're behind a defragmenting
   firewall (Netfilter always defragments if you turn on conntrack)

- Blend out the encrypted traffic (SSL/HTTPS/IMAPS/POP3S)


Edin Dizdarevic

More information about the Snort-users mailing list