Snort mailing list archives
Snort sniffing (snorfing?)
From: "Wedge Breaker" <wedgebreaker () crackdealer com>
Date: Wed, 22 Aug 2001 13:42:45 -0700
1st time poster - long time listener. I'm trying to evaluate Snort's ability to just sniff traffic and I need some help figuring out how to do it. My goal is to baseline the amount of traffic snort can handle. I'll be running Netperf or something to generate traffic and I want to see if Snort can keep up. I do know that I can do this: snort -i eth0 -v > /dev/null but Marty says in his Snort paper that running in verbose mode is slow. Is that still the case if I'm dumping to /dev/null? I also know that in Martys' paper, he says that in -b mode (binary logging) that Snort can keep up with 100Mbit/s traffic. That may be so, but I would think that if you wanted optimum sniffability, you wouldn't want to log any data, just count packets. Right? Any suggestions? TIA, wb ------------------------------------------------------------ [- Get your own free e-mail @ http://www.crackdealer.com -] _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort sniffing (snorfing?) Wedge Breaker (Aug 22)
- Re: Snort sniffing (snorfing?) Erek Adams (Aug 22)
- <Possible follow-ups>
- RE: Snort sniffing (snorfing?) Wedge Breaker (Aug 23)
- RE: Snort sniffing (snorfing?) Erek Adams (Aug 23)