Snort mailing list archives

Re: hardware requirements


From: Wes Young <wcyoung () buffalo edu>
Date: Mon, 10 Jan 2005 10:45:52 -0500


want to watch some hard-core bw, with no dropping of packets....?
I'm working on a setup right now with an ENDACE DAG card... kinda
pricey... (www.endace.com), but if you have the resources... I would
start there... it's kind of difficult to set up, but if you read the
manual step by step... and understand how the card works with libpcap...
you'll be able to monitor tons of traffic with no performance issues on
the box. Also, from what I am told, you can get a daughter card that
will run snort right on the card (again, if you have the resources...)
to offload the cpu.....

Dropping packets is a mix of rules and hardware... some of the pcre rules
will slow you down and cause you to drop on normal cards.... just a
trial and error for what you would like to watch on your network if you
stick with conventional cards... use the perf. monitor preprocessor and
'pmgraph.pl' script (google it) to see what your stats look like, tweak
as necessary.....

Rich Adamson wrote:
|> Greetings, I would like to know if anyone has any hardware
|> recommendations to run SNORT on. Specifically I'm looking to put a
|> GigE NIC in a box and would like to know how fast a CPU and memory
|> etc etc.
|
| Just about any box will work, however what you really want to know
| is... at what level of traffic will snort begin to drop packets.
| In other words, it's traffic volume dependent, not GigE dependent.
|
| I've got several Win32 boxes running just fine on boxes that came
| with GigE ports, but the traffic volumes at those locations are so
| low that snort could have been using a 10meg port.
|
|
|
|
| -------------------------------------------------------
| The SF.Net email is sponsored by: Beat the post-holiday blues
| Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
| It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
| _______________________________________________
| Snort-users mailing list
| Snort-users () lists sourceforge net
| Go to this URL to change user options or unsubscribe:
| https://lists.sourceforge.net/lists/listinfo/snort-users
| Snort-users list archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users
|
|

--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
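As an added example, not from the thread and not pmgraph.pl itself: a Python script that reads perfmonitor statistics and reports the traffic level at which drops begin, which is the question both posts come down to. It assumes the comma-separated stats layout whose first three fields are Unix time, percent of packets dropped and wire Mbit/s; the sample rows, the function names and the 1% threshold are constructed for illustration.

```python
import csv
import io

# Constructed sample in the assumed perfmonitor CSV layout: only the first
# three fields are used (unix time, % packets dropped, wire Mbit/s).
SAMPLE_STATS = """\
# constructed sample, not real sensor output
1105368000,0.000,42.1,0.2
1105368300,0.000,118.7,0.4
1105368600,0.350,231.9,0.9
1105368900,4.120,412.3,1.7
1105369200,0.000,95.0,0.3
1105369500,9.870,655.4,2.5
"""

def parse_stats(text):
    """Yield (timestamp, drop_pct, mbits) per interval, skipping comments and bad rows."""
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue
        try:
            yield int(row[0]), float(row[1]), float(row[2])
        except (ValueError, IndexError):
            continue  # truncated line, e.g. file read while Snort was writing

def drop_report(text, max_drop_pct=1.0):
    """Summarise where drops start relative to traffic volume."""
    rows = list(parse_stats(text))
    bad = [r for r in rows if r[1] > max_drop_pct]
    clean = [r for r in rows if r[1] == 0.0]
    return {
        "intervals": len(rows),
        "over_threshold": [(ts, pct) for ts, pct, _ in bad],
        # highest rate the sensor handled with zero loss
        "max_clean_mbits": max((m for _, _, m in clean), default=None),
        # lowest rate at which loss exceeded the threshold
        "min_lossy_mbits": min((m for _, _, m in bad), default=None),
    }

if __name__ == "__main__":
    for key, value in drop_report(SAMPLE_STATS).items():
        print(f"{key}: {value}")
```

The gap between `max_clean_mbits` and `min_lossy_mbits` brackets the volume at which this sensor and rule set start losing packets; rerun after each rule or hardware change to see whether the bracket moved.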




