[Snort-users] Snort inline extremely slow packet forwarding
xiche at ...3147...
Fri Jul 15 14:50:35 EDT 2011
On 07/15/2011 02:41 PM, Hussein Bahaidarah wrote:
> Thanks Rmkml for help,
> I found a work around and I don't understand how and why it did work.
> First, let me explain my configuration:
> eth2 and eth3 are bridged and snort IP should run on them
> eth1 is not used
> when I use: "snort -N -K none -k notcp -c rules/inline -A console --daq afpacket -i eth3:eth2 -Q" the slowness problem appear
> my work around is to use " snort -N -K none -k notcp -c rules/inline -A console --daq afpacket -i eth3:eth1 -Q ". This works fine though eth1 is not used!!
A couple questions:
What do you mean by "eth2 and eth3 are bridged"? You're not putting
them into a Linux bridge (with brctl), right?
Why is eth1 not being used in the second scenario?
More information about the Snort-users