[Snort-users] Looooots of "Outstanding" and "Analyzed" packets - counter wrap ?

Bamm Visscher bamm.visscher at ...11827...
Mon Nov 27 09:57:04 EST 2006


Do try a newer version, there are known statisic issues with Linux and
older versions of libpcap.

Bammkkkk


On 11/27/06, Andreas Maus <maus at ...13999...> wrote:
> On Sun, Nov 26, 2006 at 09:43:24AM -0700, Bamm Visscher wrote:
> >
> > What version of libpcap do you have installed?
> Hmmm ... Never thought of that.
> Snort is linked against:
>
> maus at ...14000...:~$ ldd /usr/local/bin/snort | grep pcap
>         libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x0000002a9577b000)
>
> which is from the libpcap0.8 debian package:
>
> maus at ...14000...:~$ apt-cache show libpcap0.8
> Package: libpcap0.8
> Priority: optional
> Section: libs
> Installed-Size: 236
> Maintainer: Romain Francoise <rfrancoise at ...1015...>
> Architecture: amd64
> Version: 0.8.3-5
> Depends: libc6 (>= 2.3.2.ds1-4)
> Filename: pool/main/libp/libpcap0.8/libpcap0.8_0.8.3-5_amd64.deb
> Size: 86026
> MD5sum: a04b5d9c228a34262937c56ba2d19c38
> Description: System interface for user-level packet capture
>  libpcap (Packet CAPture) provides a portable framework for low-level
>  network monitoring.  Applications include network statistics collection,
>  security monitoring, network debugging, etc.
>  .
>  Since almost every system vendor provides a different interface for
>  packet capture, and since there are several tools that require this
>  functionality, we've created this system-independent API to ease in
>  porting and to alleviate the need for several system-dependent packet
>  capture modules in each application.
>  .
>  Further information is available at <URL: http://www.tcpdump.org/>
>
> I will try a more current (0.9.5) version.
>
> Andreas.
>
>


-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net




More information about the Snort-users mailing list