[Snort-users] Snort 184.108.40.206 ignoring stream4
pmelson at ...11827...
Sat Apr 7 20:12:32 EDT 2007
On 4/6/07, Darryl Taylor <darryl.taylor at ...1935...> wrote:
> What size pipe is it monitoring (what's peak and sustained during
> business hours)? Which libpcap implementation is installed, standard,
> Phil Woods, or pfring?
The pipes that this sensor is watching have an aggregate bandwidth of
about 24Mbps, and peak throughput is between 10-15Mbps with peak pps
rates in the 60-80 range. The pcap library is the default libpcap
package that comes with RHEL4.
This issue is definitely tied to 220.127.116.11 and not the hardware. I can
down-rev the config file and snort binary back to 18.104.22.168 on this box
and the CPU usage drops off dramatically.