[Snort-users] Snort takes prohibitively huge time for multiple pcap files

Asad, Hafiz ul Hafiz-ul.Asad at ...17478...
Mon Jan 16 04:54:23 EST 2017


The cmd I used is,

-pcap-list="pcap1 pcap2"

Asad

________________________________
From: Bhargava Jandhyala (bjandhya) <bjandhya at ...589...>
Sent: Sunday, January 15, 2017 6:16:35 AM
To: Asad, Hafiz ul; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort takes prohibitively huge time for multiple pcap files

Hi

Can you please share the cmd that used for running the pcaps list.

Thanks,
Bhargava

From: "Asad, Hafiz ul" <Hafiz-ul.Asad at ...17478...>
Date: Friday, 13 January 2017 at 10:56 PM
To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
Subject: [Snort-users] Snort takes prohibitively huge time for multiple pcap files

Snort Users,

I have two pcap files (about 600 MB each), if I analyse them one-by-one, it took snort 2.9.8.0 about 1 mint 10 sec to process them. But if I use any option of multiple files, e.g. --pcap-list "<list>", it takes like forever for snort to finish and I have to manually stop it. Any solution for this?


Asad





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170116/a2abfbf3/attachment.html>


More information about the Snort-users mailing list