[Snort-users] Looooots of "Outstanding" and "Analyzed" packets - counter wrap ?

Andreas Maus maus at ...13999...
Mon Nov 27 10:19:15 EST 2006


On Mon, Nov 27, 2006 at 07:57:04AM -0700, Bamm Visscher wrote:
> 
> Do try a newer version, there are known statisic issues with Linux and
> older versions of libpcap.
> 
> Bammkkkk
Thanks.
Building libpcap 0.9.5 and linking against snort did the trick:

*** Caught Usr-Signal
Snort ran for 0 Days 5 Hours 21 Minutes 46 Seconds
Packet analysis time averages:

Snort Analyzed 3520 Packets Per Hour
Snort Analyzed 54 Packets Per Minute
Snort Analyzed 0 Packets Per Second

Snort received 17604 packets
    Analyzed: 17603(99.994%)
    Dropped: 0(0.000%)
    Outstanding: 1(0.006%)
===============================================================================
Breakdown by protocol:
    TCP: 13131      (74.595%)
    UDP: 573        (3.255%)
   ICMP: 84         (0.477%)
    ARP: 3815       (21.672%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
ETHLOOP: 0          (0.000%)
    IPX: 0          (0.000%)
   FRAG: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Action Stats:
ALERTS: 31
LOGGED: 31
PASSED: 0
===============================================================================
TCP Stream Reassembly Stats:
    TCP Packets Used: 13131      (74.595%)
    Stream Trackers: 575
    Stream flushes: 22
    Segments used: 41
    Segments Queued: 42
    Stream4 Memory Faults: 0
===============================================================================

Many thanks,

Andreas.





More information about the Snort-users mailing list