[Snort-users] 2.1.3rc1 Performance

Dirk Geschke Dirk at ...10648...
Wed May 19 12:48:02 EDT 2004


Hi Gary,

> The question remains however, which version is misreporting statistics? I 
> suspect 0.8.3 since it reported 128.633% drop rate at one point.

hmm, drop/(recv+drop) should never exceed 100% or recv must be 
negative...

> Or is 0.8.3 just that much slower? 
> 
> Anyone care to comment?

Can you verify how many packets were really on the wire
during your snort runs?

I think 'netstat -ni' should be helpful or a parallel snoop run 
on the sniffed interface. Maybe the old libpcap returned wrong
values?

Best regards

Dirk
