[Snort-users] Quick questions about received packets
wjnicholson at ...11827...
Wed Oct 26 13:51:02 EDT 2005
Well I got my head out of my butt and realized what my major issue was. I
was running Snort from the command line for testing purposes before I set it
up to run at boot as a Daemon. I was using the following command line:

    /usr/local/bin/snort -c /etc/snort/snort.conf -i eth1 -g snort -v

I kinda forgot that verbose mode will cause a ton of dropped packets like I
was getting. I am now after a 10 min run without the -v getting 10% loss
instead of 90%. That is something I could live with or at least close the
gap on easier.

I installed the new pcap library as suggested above. I am using Fedora Core
3 (yeah I know, don't say it :-P) and I downloaded the lib, un-tarred it,
did the configure, make, make install dance around the fire pit. I rebooted
the server. Will that pcap lib actually be used or is there something I have
to change somewhere to tell FC3 not to use the pcap lib that it came with
and to use my new one?

On 10/26/05, Joseph Nicholson <wjnicholson at ...11827...> wrote:
> I went ahead and disabled all of the rulesets to see if that made any
> difference. Unfortunately it made no difference at all. My next question will
> be if I use the pcap library suggested above, when I install it will Snort
> know to use it automatically or will I have to change something so Snort
> will know?