[Snort-users] question for snort flow established

Jason jason at ...5028...
Mon Mar 18 11:34:25 EDT 2013


The need has been increasing for several years and I would wager that
it is the #1 most common failure for those new to _any_ traffic
analysis.

I see three things coming together to create the issue.

1) Increased interest in higher education for security-related programs
2) Availability of cheap hardware that natively does offload
3) Lack of foundational knowledge before jumping into more advanced analytics


On Mon, Mar 18, 2013 at 11:29 AM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 3/18/2013 10:04, JJ Cummings wrote:
>> Checksum offloading
> [...]
>>> [@ALL] why is this "-k none" suddenly needed more and more in recent months??
>>> we've never used it in any of our snort installations... is it special to a
>>> certain set of NICs?? [/@ALL]
>
> i understand that but /why/ is it needed now and hasn't been needed before? is
> it for server grade NICs only? does it have to do with the quantity of traffic
> flowing? is it related to gigabit NICs?



