[Snort-users] perfmon avg bytes/pkt columns misaligned?
snort at ...13080...
Fri Feb 27 19:59:37 EST 2009
I am using Snort 126.96.36.199 and 188.8.131.52 with the perfmon preprocessor and I
noticed something strange with the output while calculating R-squared values
with my drop rate.
The columns 'Avg Bytes/Pkt (wire)' (1st one) and 'Avg Bytes/Pkt (applayer)'
seem to be identical.
The second 'Avg Bytes/Pkt (wire)' is different from both of these.
The 2.8.3 manual states "Avg Bytes/Pkt (wire) [duplicated below for easy
comparison with other rates]" for the first 'Avg Bytes/Pkt'.
However, it seems to be a duplicate of 'Avg Bytes/Pkt (applayer)' instead.
Am I reading this correctly, or is the wrong value being duplicated in this
first column (column G or the first 'Avg Bytes/Pkt (wire)')?
The second 'Avg Bytes/Pkt (wire)' seems to be correct (95% stats are less
than 'Avg Bytes/Pkt (applayer)' and never over by more than 6 pkts).
I also see 18 columns which are not described in the 2.8.3 manual, but none
of them are close to matching either of the Avg Bytes/Pkt stats.