Snort mailing list archives
Snort max at 256 simultaneous TCP stream?
From: "Tom Fulton" <tfulton9909 () comcast net>
Date: Sat, 26 Jun 2004 10:33:50 -0700
In the Snort Users Manual for 1.9.1 (2.4.6 Stream4; p. 35) it states that Stream4 "should" be able to scale to handle 32,768 simultaneous TCP connections in its default config. That this is better for the large scale users who need ".to track more than 256 simultaneous TCP streams". Is this bottleneck (256 max TCP streams) for snort often experienced in normal operation when not running Stream4? What happens when this max is reached? Packets just get dropped? Any alerts or errors by default? What is the recommended memcap size for a sensor expecting to reach the 32,768 simultaneous TCP connections? Thanks tom
Current thread:
- Snort max at 256 simultaneous TCP stream? Tom Fulton (Jun 26)
- RE: Snort max at 256 simultaneous TCP stream? Tom Fulton (Jun 26)
- Re: Snort max at 256 simultaneous TCP stream? Edin Dizdarevic (Jun 26)
- Re: Snort max at 256 simultaneous TCP stream? Martin Roesch (Jun 28)
- RE: Snort max at 256 simultaneous TCP stream? Tom Fulton (Jun 26)