[Snort-users] statistics, dropped packets, and counters

Jorge Cuevas jcuevas at ...14264...
Fri Apr 25 07:55:54 EDT 2008


Hi all,

I am trying to gather accurate information regarding packet lost when I 
use snort.

The point is when I send kill -USR1 signal to snort, trying to gather 
some statistics, the dropped packets shown here are related to snort 
itself, or  to libpcap losts (called from snort)? Is this value reliable?

For example, ntop shows information regarding dropped packets due to 
ntop application itself, and dropped packets from libpcap. In some 
scenario, I am using pf_ring socket with ntop, and from 
/proc/net/pf_ring, I can read libpcap or pf_ring dropping statistics 
which fit exactly with those showed by ntop web interface. Does anyone 
know from where I can read libpcap dropped statistics in a raw matter 
similar to /proc/net/pf_ring ones when using snort and common libpcap? 
ie, does libpcap log down any kind of basic or raw statistics? Are they 
reliable?

And last question, what about the statistics from this commands:

ip -stats link
cat /proc/net/dev

Are the dropped packets gather from here related in any matter to 
dropped packets shown in snort statistics?

Any help will be much appreciate.

Thanks in advance

Jorge




More information about the Snort-users mailing list