[Snort-users] Dropping packets when using a sniffer and snort together

Abhishek Sharma abhisheksharma84 at ...11827...
Tue Oct 2 14:42:59 EDT 2012


Hi,

Maybe this is not a question I should be putting on this forum at all but I
nevertheless wanted to give it a shot. I have a high speed network and
wanted to give snort inline a shot. It seems to work really well.

The trouble comes when I try to club it with my sniffer. So basically I
have 3 instances of snort inline running on ethX alongwith my custom
sniffer trying to write all those packets to a pcap file on the disk (I
have some requirements to store ALL the packets as well). I have observed
that the sniffer works well when run standalone but starts dropping packets
when snort is also running in parallel in inline mode.

What could be the possible reasons? Is it that the CPU is starved of some
READ operations as 3-4 processes are trying to process packets on the same
interface???

Abhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121003/227c5cb4/attachment.html>


More information about the Snort-users mailing list