RE: 2.1.3rc1 Performance RESULTS

[Dirk Geschke <Dirk () geschke-online de>]

Hi Gary,

thanks for the fine results. I already suspected some errors in the
old libpcap statistics since so many people were reporting of high
traffic sniffing without packet loss...

> Can someone from sourcefire/snort team comment on how the performance 
> statistics (both perfmon processor and after receiving a USR1 signal) are 
> created?  How reliable are they?  Do they report just what they receive 
> from libpcap, or would they report as "dropped" packets that they received 
> from libpcap, but couldn't process for whatever reason.

No, snort only reports the statistics of libpcap, snort never drops
packets by itself. Depending on the load and rules which have to been
tested it can happen that snort takes for some packets longer to analyze
than for others.

Especially if many rules have to been checked and no rule matches...

Best regards

Dirk


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users