Re: What speed?

[Phil Wood <cpw () lanl gov>]

On Thu, Jul 19, 2001 at 02:15:44AM -0400, Lists wrote:
> Can someone tell me up to what speed can Snort handle on the Windows
> platforms? Will it do 100 Mbps?

Snort can handle any speed.  It's the processor it's running on.  If
you want really really fast snort, you put it in hardware.  I don't think
that is being done at this time.

  http://asic.union.edu/
  http://www.ti.com/sc/docs/asic/homepage.htm

In the meantime, I'd run it on a unix smp (multiprocessor), with a fast
bus, fast SCSI drives, and turn off the options which cause the packets
to be converted to mammoth hex dumps and sent over the net to an sql database.
I'd probably set it up so that each run would create a unique "dataset"
(libpcap file).  I'd devise a method to iterate snort, and another one to
look for completed snort jobs and do whatever post processing seems appropriate.
I'd probably use a special ruletype for conditions I just have to know about as
soon as possible.  The post processing system could run the pcap file through
snort with one of the sql like output processors.

This is just off the top of my head.  I'm not there yet.  But, there may
be others on the list that are.

> Thanks for the info!
>
> Simon
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users