[Snort-users] USR1 Output and BPF traffic

Dennis Neil djneil at ...1052...
Mon Dec 17 12:05:51 EST 2012


Hello,

I was wondering, when filtering traffic using the -F <bpf-file> switch,
how this affects stats dumped through the kill -USR1 command. Is the total
number of received and analyzed packets listed the number before the BPF is
applied or after? I'm running a filter to capture "non-internal" sources
and find the total number of packets received and analyzed to be high if it
is post BPF. I notice a "filtered" category but this consistently registers
zero.

If it does not record the numbers after applying the BPF, does anyone know
of a way to report on the number of packets received and analyzed by an
applied BPF? Thanks!

Dennis