Snort mailing list archives
Re: Snort speed limit?
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 11 May 2004 16:20:03 -0400
At 02:02 PM 5/11/2004, Sheahan, Paul wrote:
I have a Snort sensor on a Gigabit network. Is there a theoretical speed limit at which Snort can no longer keep up? For example, the wire can handle gigabit but say our traffic level is half of that. Is there a theoretical limit to what Snort can handle assuming the beefiest hardware?
There's no inherent limits in the speed of snort, it's entirely limited by your hardware and configuration. (obviously the more rules, preprocessors, etc you use the more hardware resources snort will chew up for a given flow of traffic.)
The fact that sourcefire's NS3000 is rated for monitoring real gigabit data thruput with 0% packet loss suggests wire-speed gig-e is definitely possible right now with the right hardware and tuning.
------------------------------------------------------- This SF.Net email is sponsored by Sleepycat SoftwareLearn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort speed limit? Sheahan, Paul (May 11)
- Message not available
- Re: Snort speed limit? Matt Kettler (May 11)
- Message not available