[Snort-users] Snort 3.0 performance issue
qhu009 at aucklanduni.ac.nz
Sat Jun 16 18:15:39 EDT 2018
I am using Snort++ 3.0 to do some performance tests. We set up two
1. Running a single flow on a 100Gb high-speed network. Both Pcap and
AFPack DAQ work as expected. AF_Packet captured all the packets and no
packet loss. PCAP dropped few packets.
2. Running multiple flows with different delays on the same network. This
time AFPacket had a bad performance when we compared with PCAP in terms of
the received packet. For instance
>From my understanding, I thought AFPacket will have a better performance
than PCAP. But why I got different results in here? Besides, I am
wondering, when I can configure the search methods( ac-bnfa, ac_q or ac-split)
in Snort 3.0?
Here is some information about our testing service
CPU: Intel(R) Xeon(R) Gold 6136 CPU @ 3.00GHz * 24 cores
Thank you very much.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users