[Snort-users] "Making Snort go fast under Linux..."
ronny at ...1014...
Wed Feb 24 15:02:31 EST 2010
>> You mentioned performance may be enhanced by using different
>> compilers/flags. I'm going to run some tests using different setups (OS,
>> compiler collection, etc). Can anybody suggest an ideal way to beat the
>> Hell out of a Snort box?
> First thing that comes to mind:
> Though I have no experience with the product, Im just aware of it :)
I do have experience with the product and altough it's good, it comes at
a very heavy price tag.
Since the original poster claims he has spend an obscene amount of money
at a quad core PC for his lab, i'm afraid that it's above his price league.
In the past I have tested with a combo of pcap replay, and stimulus
traffic generated by some perl scripts which were emulating clients and
making request to real targets.
This will give you an idea and you can even get upto a certain level of
comparison between products.
your results will however not be widely accepted.
you can contact me also off list and I can get someone to make you an
offer for commercial performance testing ...
More information about the Snort-users