Snort mailing list archives

Re: Snort's configuration

From: Joel Esler <joel.esler () sourcefire com>
Date: Wed, 03 May 2006 07:53:02 -0400

Santi,

Disabling preprocessors, disables functionality of Snort. It's notrecommended.


What version of Snort are you running?
What version of libpcap are you running?
Please cut and paste your command line here.

Please cut and paste your snort.conf here (please remove anythingidentifiable as internal.. eg. passwords, home_net..etc.)

Please tell us about your network configuration
Please tell us your hardware configuration.

Joel

Santi Benito wrote:

Dear Snort users, I have written 3 times in snort`s users mailing
list and anybody has answer my question and I am a little bit worried
with my problem.
I am analyzing real traffic with snort and I only use in snort.conf
the rules referring to P2P and all the preprocessors active, when I
replay traffic with tcpreplay at 100 Mb/s it drops the 96% of the
packets and I have read that cancelling the preprocessors it could
work better but it doesn`t.
I don`t know how to change the memcap and also don`t know how to make

snort to use libpcap with mmap that I have read that could be a goodidea.


Could anyone help me or say to me something?

Santi


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?

Get stuff done quickly with pre-integrated technology to make your jobeasierDownload IBM WebSphere Application Server v.1.0.1 based on ApacheGeronimo

http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort's configuration Santi Benito (May 03)
- Re: Snort's configuration Joel Esler (May 03)
- Re: Snort's configuration Paul Schmehl (May 03)