[Snort-users] Snort inline latency

Abdelmonaim Mokadem abdelmonaim.mokadem at ...13827...
Fri May 4 15:35:29 EDT 2012


Hi all,

I am currently trying to calculate my snort inline latency.

I have 2 hosts : one running snort inline and the other one which inject
pcaps (a bridge is set to send back packets from the snort host machine
to the injection one).

I use tcpdump to sniff packets at the emission and at the reception from
my injection host and (I match only ACK packets with a little program)
then calculate the difference between the timestamps (emission and
reception), but unfortunately my results are really bad...

Can anyone tell me if I'm doing right? Or does anyone know what is the
best way to calculate snort inline latency?

Thanks,

AM.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120504/8bd185fd/attachment.html>


More information about the Snort-users mailing list