[Snort-users] Inline snort negative impact on network
charles.heselton at ...11827...
Wed Nov 12 23:31:31 EST 2014
I'm attempting to install/configure a standalone, inline snort box. When I
have the sensor inline, with snort running, the traffic seems to be flowing
properly; snort is alerting, as expected.
However, browsing the web, and downloads, becomes significantly impacted.
speedtest.net fails to load. wget downloads files at ~6Kbps, when it
should be closer to 6Mbps.
The question is why?
Hardware: Intel Celeron 4 core, 8GB RAM, 64GB SSD, dual Gigabit (Realtek)
NICs onboard, USB3.0->Gigabit dongle NIC (for admin).
Software: Gentoo x86_64 linux; kernel 3.16.5; snort 2.7.0; daq 2.0.2.
When snort is running, and traffic is passing, both gkrellm and top show
almost 0 CPU activity. This is on a relatively low traffic, home network,
so I wouldn't expect the system to be loaded. The admin interface shows
more activity than the 2 bridged interfaces.
What gives? Any advice appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users