[Snort-users] Snort speed limit?

Matt Kettler mkettler at ...4108...
Tue May 11 13:21:12 EDT 2004

At 02:02 PM 5/11/2004, Sheahan, Paul wrote:
>I have a Snort sensor on a Gigabit network. Is there a theoretical speed 
>limit at which Snort can no longer keep up? For example, the wire can 
>handle gigabit but say our traffic level is half of that. Is there a 
>theoretical limit to what Snort can handle assuming the beefiest hardware?

There's no inherent limits in the speed of snort, it's entirely limited by 
your hardware and configuration. (obviously the more rules, preprocessors, 
etc you use the more hardware resources snort will chew up for a given flow 
of traffic.)

The fact that sourcefire's NS3000 is rated for monitoring real gigabit data 
thruput with 0% packet loss suggests wire-speed gig-e is definitely 
possible right now with the right hardware and tuning.

