[Snort-users] Looooots of "Outstanding" and "Analyzed" packets - counter wrap ?
bamm.visscher at ...11827...
Mon Nov 27 09:57:04 EST 2006
Do try a newer version; there are known statistics issues with Linux and
older versions of libpcap.
On 11/27/06, Andreas Maus <maus at ...13999...> wrote:
> On Sun, Nov 26, 2006 at 09:43:24AM -0700, Bamm Visscher wrote:
> > What version of libpcap do you have installed?
> Hmmm ... Never thought of that.
> Snort is linked against:
> maus at ...14000...:~$ ldd /usr/local/bin/snort | grep pcap
> libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x0000002a9577b000)
> which is from the libpcap0.8 debian package:
> maus at ...14000...:~$ apt-cache show libpcap0.8
> Package: libpcap0.8
> Priority: optional
> Section: libs
> Installed-Size: 236
> Maintainer: Romain Francoise <rfrancoise at ...1015...>
> Architecture: amd64
> Version: 0.8.3-5
> Depends: libc6 (>= 2.3.2.ds1-4)
> Filename: pool/main/libp/libpcap0.8/libpcap0.8_0.8.3-5_amd64.deb
> Size: 86026
> MD5sum: a04b5d9c228a34262937c56ba2d19c38
> Description: System interface for user-level packet capture
> libpcap (Packet CAPture) provides a portable framework for low-level
> network monitoring. Applications include network statistics collection,
> security monitoring, network debugging, etc.
> Since almost every system vendor provides a different interface for
> packet capture, and since there are several tools that require this
> functionality, we've created this system-independent API to ease in
> porting and to alleviate the need for several system-dependent packet
> capture modules in each application.
> Further information is available at <URL: http://www.tcpdump.org/>
> I will try a more current (0.9.5) version.
sguil - The Analyst Console for NSM