Mon Nov 17 08:23:26 EST 2003


I was hoping someone could help me out here. I have Snort 2.0.4 installed on a 
new OpenBSD 3.4 system.

Here is my system configuration:
Intel P4 3.06 GHz CPU
80 GB HD
NetGear GA621 Fiber Ethernet Card (snort monitors this int)
Builtin 10/100 NIC (used for management)

I am using a NetOptics Fiber Tap to monitor traffic.
OpenBSD and Snort work fine, except that I notice that Snort drops packets, 
where the previous installation of RedHat 9 on the SAME box reported no dropped 
packets. I have tuned Snort (rules, binary logging, etc.) to reduce dropped 
packets, but I am wondering the following:

1. Is it true that Linux 'lies' about how many packets it drops?
2. Should I expect to be dropping packets with such a fast box, or maybe I have 
not done some important post-install fixes on OpenBSD?
3. How can I determine the amount of bandwidth my interface is monitoring?

