[Snort-users] packet I/O totals

Felix Erlacher felix.erlacher at ...17726...
Thu Feb 23 06:58:39 EST 2017

Hi all,

I have a question regarding the Snort Packet I/O totals.
This is what Snort tells me after I stop it with SIGTERM:

Packet I/O Totals:
   Received:      2234257
   Analyzed:      1327128 ( 59.399%)
    Dropped:       907129 ( 28.877%)
   Filtered:            0 (  0.000%)
Outstanding:       907129 ( 40.601%)
   Injected:            0

The Snort manual says "Outstanding indicates how many packets are
buffered awaiting processing" and further refers to the DAQ
documentation. (The DAQ README gives no info on this and I
couldn't find any other DAQ documentation.)
There are a few oddities here:
The "Dropped" and "Outstanding" numbers are exactly the same, namely the
difference between "analyzed" and "received".
How can dropped packets be at the same time outstanding?
Of which number is 907129 28.877%?

Is the problem that I aborted Snort?

I am using snort with DAQ 2.0.6 to analyze traffic from my
10GBit NIC with the shipped snort.conf in IDS mode.
BTW: There was already a similar discussion on this list, the problem
was solved by a new DAQ. At the moment I am using the newest DAQ.

thanks and greets
Felix Erlacher
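
An added example (not part of the original post, and not Snort's own code): a small Python check that parses the totals block quoted above and tests, by arithmetic on the posted numbers only, which denominator reproduces each printed percentage. The function names and the two candidate denominators are assumptions of this example.

```python
import re

# Packet I/O Totals block as quoted in the post above.
TOTALS = """\
Packet I/O Totals:
   Received:      2234257
   Analyzed:      1327128 ( 59.399%)
    Dropped:       907129 ( 28.877%)
   Filtered:            0 (  0.000%)
Outstanding:       907129 ( 40.601%)
   Injected:            0
"""

# One counter line: name, count, optional "(nn.nnn%)".
LINE = re.compile(r"^\s*(\w+):\s+(\d+)(?:\s+\(\s*([\d.]+)%\))?\s*$")

def parse_totals(text):
    """Return {name: (count, printed_pct or None)} for each counter line."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, count, pct = m.groups()
            out[name] = (int(count), float(pct) if pct else None)
    return out

def explain_percentages(stats):
    """For each printed percentage, list the candidate denominators that reproduce it."""
    recv = stats["Received"][0]
    drop = stats["Dropped"][0]
    # Candidate denominators are an assumption of this example.
    candidates = {"Received": recv, "Received+Dropped": recv + drop}
    result = {}
    for name, (count, pct) in stats.items():
        if pct is None or count == 0:
            continue  # a zero count matches every denominator
        result[name] = [label for label, denom in candidates.items()
                        if abs(100.0 * count / denom - pct) < 0.0005 + 1e-9]
    return result

def outstanding_is_remainder(stats):
    """True if Outstanding equals Received - Analyzed - Filtered."""
    n = lambda key: stats[key][0]
    return n("Outstanding") == n("Received") - n("Analyzed") - n("Filtered")

if __name__ == "__main__":
    s = parse_totals(TOTALS)
    for name, denoms in explain_percentages(s).items():
        print(f"{name:>12}: percentage matches denominator {denoms}")
    print("Outstanding == Received - Analyzed - Filtered:", outstanding_is_remainder(s))
```

On the posted numbers, 28.877% is 907129 out of Received plus Dropped (3141386), while 40.601% is 907129 out of Received alone.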


