Re: Why Snort doubles packet number?

["Justin Heath" <justin.heath () gmail com>]

This was answered on the list a few days back. Here's a link:

http://groups.google.com/group/mailing.unix.snort/browse_frm/thread/80d7d2c50f9a916/05d8fd296bd6bb30?lnk=st&q=snort+tcpdump+twice+justin+OR+jheath&rnum=2#05d8fd296bd6bb30

On 5/11/06, Santi Benito <benisoroa () gmail com> wrote:
> Hi Snorters,
> I am replaying with Tcpreplay a file that has 1644419 packets by
> eth1.This interface is directly connected to eth1 in another computer
> where is running snort.
> When I press CTRL+C when the replay has finished, on statistic appear:
>
> Snort received 3288840 packets (this number is just the double of 1644419)
>     Analyzed: 3288840(100.000%)
>     Dropped: 0(0.000%)
>
> Why occurs this thing?
> Thanks a lot!
> Santi
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmdlnk&kid0709&bid&3057&dat1642
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?listsnort-users