Snort mailing list archives

Re: Snort's configuration


From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 03 May 2006 10:58:26 -0500

Santi Benito wrote:
> Dear Snort users, I have written 3 times to the snort-users mailing
> list and nobody has answered my question, and I am a little bit worried
> about my problem.
> I am analyzing real traffic with snort and I only use in snort.conf
> the rules referring to P2P and all the preprocessors active. When I
> replay traffic with tcpreplay at 100 Mb/s it drops 96% of the
> packets, and I have read that cancelling the preprocessors could make it
> work better, but it doesn't.
> I don't know how to change the memcap and also don't know how to make
> snort use libpcap with mmap, which I have read could be a good idea.
>
> Could anyone help me or tell me something?

You're going to get a lot more help if you tell us what OS you're running snort on - what version of snort you're running - what processor and how much memory your snort box has - etc., etc.

Some of the folks here are pretty good.  None of them are mind readers.

--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
