Snort mailing list archives
Re: A Query about dropped packets
From: Ashley Thomas <athomas () unity ncsu edu>
Date: Mon, 24 Sep 2001 21:13:56 -0400
I am running snort as: ./snort -d -h 10.0.0.0/24 -c snort.conf How do i make sure that name lookup is turned off ? (There was no mention of this in the help / manual) thanks Ashley Phil Wood wrote:
On Thu, Sep 20, 2001 at 10:50:28PM -0400, Ashley Thomas wrote:Hi all, I am running Snort on openBSD 2.9. I keep getting packets and when i terminate it gives some statistics which include "Snort analyzed 1716 out of 2979 packets, dropping 1263(42.397%) packets"I bet you have turned on name lookup? You should never see dropped packets like that with only 2979 packets.Does this mean snort is dropping packets or does it mean that Snort analysed only 1716 ?It means that snort only saw 1716 of the 2979 packets that drifted by your sensor. The kernel droped 1263, presumably because snort never got back in time to lift them into user space.In the latter case what is the filter used to filter 1716 out of 2979 packets and drop the rest ? Is this because there is something wrong in the configuration ? Any pointers is welcome. thanks a lot Ashley _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Phil Wood, cpw () lanl gov
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- A Query about dropped packets Ashley Thomas (Sep 20)
- Message not available
- Re: A Query about dropped packets Ashley Thomas (Sep 24)
- Re: A Query about dropped packets Erek Adams (Sep 24)
- Re: A Query about dropped packets Ashley Thomas (Sep 24)
- Message not available