[Snort-users] Snort's configuration
pauls at ...6838...
Wed May 3 08:59:13 EDT 2006
Santi Benito wrote:
> Dear Snort users, I have written 3 times in snort`s users mailing
> list and anybody has answer my question and I am a little bit worried
> with my problem.
> I am analyzing real traffic with snort and I only use in snort.conf
> the rules referring to P2P and all the preprocessors active, when I
> replay traffic with tcpreplay at 100 Mb/s it drops the 96% of the
> packets and I have read that cancelling the preprocessors it could
> work better but it doesn`t.
> I don`t know how to change the memcap and also don`t know how to make
> snort to use libpcap with mmap that I have read that could be a good idea.
> Could anyone help me or say to me something?
You're going to get a lot more help if you tell us what OS you're
running snort on - what version of snort you're running - what processor
and how much memory your snort box has - etc., etc.
Some of the folks here are pretty good. None of them are mind readers.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
More information about the Snort-users