[Snort-users] snort problems

Al Lewis (allewi) allewi at ...589...
Wed Jun 22 09:17:41 EDT 2016


Can you clarity “we are using snort to transmit two types of packets”? (Do you mean you are running snort inline? If so.. How are you running/starting snort? Are you using afpacket, pfring, netmap etc..)

Also “more than 70% of traffic being dropped between snort and internet” (Do you see snort dropping the traffic in the exit stats? Are you sure the traffic in question is making it to snort?)


Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...<mailto:allewi at ...589...>

From: BOCAL CALBO <meschoses at ...1855...<mailto:meschoses at ...1855...>>
Reply-To: BOCAL CALBO <meschoses at ...1855...<mailto:meschoses at ...1855...>>
Date: Wednesday, June 22, 2016 at 8:52 AM
To: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: [Snort-users] snort problems


We are using snort in an IDS for a while now, and we are facing a problem on packets that are

In few words we are using snort to transmit two types of packets the SIP one and the UDP one, and

observing the server when working, all our SIP packets passed well through snort to the next server, but more than 70 % of our UDP packets are dropped between the internet network and snort.

We will be thankfull to hear from you what is happening. For that we have attached our sostat and netstat -i output .

thank you in advance.

Gilles & Maurizio.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160622/257cd2c9/attachment.html>

More information about the Snort-users mailing list