[Snort-users] Quick questions about received packets

Joseph Nicholson wjnicholson at ...11827...
Wed Oct 26 13:51:02 EDT 2005


Well I got my head out of my butt and realized what my major issue was. I
was running Snort from the command line for testing purposes before I set it
up to run at boot as a Daemon. I was using the following command line:
 /usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -g snort -v
 I kinda forgot that verbose mode will cause a ton of dropped packets like I
was getting. I am now after a 10 min run without the -v getting 10% loss
instead of 90%. That is something I could live with or at least close the
gap on easier.
 I installed the new pcap library as suggested above. I am using Fedora Core
3 (yeah I know, don't say it :-P) and I downloaded the lib, un-tarred it,
did the configure, make, make install dance around the fire pit. I rebooted
the server. Will that pcap lib actually be used or is there something I have
to change somewhere to tell FC3 not to use the pcap lib that it came with
and to use my new one?

 On 10/26/05, Joseph Nicholson <wjnicholson at ...11827...> wrote:
>
> I went ahead and disabled all of the rulesets to see if that made any
> difference. Unfortunately it made no difference at all. My next question will
> be if I use the pcap library suggested above, when I install it will Snort
> know to use it automatically or will I have to change something so Snort
> will know?