[Snort-users] Snort inline extremely slow packet forwarding

Michael Altizer xiche at ...3147...
Fri Jul 15 14:50:35 EDT 2011


On 07/15/2011 02:41 PM, Hussein Bahaidarah wrote:
> Thanks Rmkml for help,
>
> I found a work around and I don't understand how and why it did work.
> First, let me explain my configuration:
> eth2 and eth3 are bridged and snort IP should run on them
> eth1 is not used
>
> when I use:  "snort    -N -K none -k notcp -c rules/inline -A console   --daq afpacket -i eth3:eth2   -Q"  the slowness problem appear
>
> my work around is to use " snort    -N -K none -k notcp -c rules/inline -A console   --daq afpacket -i eth3:eth1   -Q ". This works fine though eth1 is not used!!
>
A couple questions:

What do you mean by "eth2 and eth3 are bridged"?  You're not putting 
them into a Linux bridge (with brctl), right?

Why is eth1 not being used in the second scenario?




More information about the Snort-users mailing list