[Snort-users] Snort's configuration

Paul Schmehl pauls at ...6838...
Wed May 3 08:59:13 EDT 2006


Santi Benito wrote:
> Dear Snort users, I have written 3 times in snort`s users mailing
> list and anybody has answer my question and I am a little bit worried
> with my problem.
> I am analyzing real traffic with snort and I only use in snort.conf
> the rules referring to P2P and all the preprocessors active, when I
> replay traffic with tcpreplay at 100 Mb/s it drops the 96% of the
> packets and I have read that cancelling the preprocessors it could
> work better but it doesn`t.
> I don`t know how to change the memcap and also don`t know how to make
> snort to use libpcap with mmap that I have read that could be a good idea.
> 
> Could anyone help me or say to me something?
>
You're going to get a lot more help if you tell us what OS you're 
running snort on - what version of snort you're running - what processor 
and how much memory your snort box has - etc., etc.

Some of the folks here are pretty good.  None of them are mind readers.

-- 
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060503/9abd85e5/attachment.bin>


More information about the Snort-users mailing list