[Snort-users] Snort Stats (% Packet Loss)

Joel Esler (jesler) jesler at ...589...
Fri May 2 15:13:39 EDT 2014

In the line you posted here, it appears you dropped 3.44% of packets for that interval.

Joel Esler
Sent from my iPhone

On May 2, 2014, at 15:09, "Kurzawa, Kevin" <kkurzawa at ...16800...<mailto:kkurzawa at ...16800...>> wrote:

I recently set up ThePigDoktah for reading the perfmonitor stats output. The % Packet Loss it is giving is confusing me though.

I set the perfmonitor to poll every 60 seconds.

Tcpdump will read 100,000 packets and not drop a single one from the interface. Even while snort is running.

I also see that the 2nd field in the stats output is the “pkt_drop_percent.” And my numbers hang around 3-5. Not >100.

Can anyone help me understand the % packet loss? Obviously I’m not dropping 100% of my packets, I’m getting alerts and whatnot. I figure I just don’t understand it.

#time,pkt_drop_percent …

Report Info:
        Processed: stats
        First Entry: Fri May  2 14:46:53 2014
        Last Entry: Fri May  2 14:58:53 2014
        Time Span: 0 days, 0 hours, 12 minutes and 0 seconds

        High: 138.603 Mbits/Sec | Fri May  2 14:55:53 2014
        Low: 99.941 Mbits/Sec | Fri May  2 14:46:53 2014
        Avg: 126.206 Mbits/Sec

% Packet Loss:
        High: 124.234% | Fri May  2 14:58:53 2014
        Low: 0.000% | Fri May  2 14:48:53 2014
        Avg: 120.063%

Additional Info:
        Avg Pkt Size: 659.974 bytes
        Avg Syns/Sec: 263.536
        Avg SynAcks/Sec: 263.990
        Avg Alerts/Sec: 0.061
        Avg Current Cached Sessions: 43037.147

"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140502/350aa6aa/attachment.html>

More information about the Snort-users mailing list