[Snort-users] Snort's configuration

Santi Benito benisoroa at ...11827...
Wed May 3 02:48:03 EDT 2006


Dear Snort users, I have written 3 times in snort`s users mailing
list and anybody has answer my question and I am a little bit worried
with my problem.
I am analyzing real traffic with snort and I only use in snort.conf
the rules referring to P2P and all the preprocessors active, when I
replay traffic with tcpreplay at 100 Mb/s it drops the 96% of the
packets and I have read that cancelling the preprocessors it could
work better but it doesn`t.
I don`t know how to change the memcap and also don`t know how to make
snort to use libpcap with mmap that I have read that could be a good idea.

Could anyone help me or say to me something?

Santi




More information about the Snort-users mailing list