Snort mailing list archives
Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ?
From: Andreas Maus <maus () ypbind de>
Date: Mon, 27 Nov 2006 16:19:15 +0100
On Mon, Nov 27, 2006 at 07:57:04AM -0700, Bamm Visscher wrote:
Do try a newer version, there are known statisic issues with Linux and older versions of libpcap. Bammkkkk
Thanks. Building libpcap 0.9.5 and linking against snort did the trick: *** Caught Usr-Signal Snort ran for 0 Days 5 Hours 21 Minutes 46 Seconds Packet analysis time averages: Snort Analyzed 3520 Packets Per Hour Snort Analyzed 54 Packets Per Minute Snort Analyzed 0 Packets Per Second Snort received 17604 packets Analyzed: 17603(99.994%) Dropped: 0(0.000%) Outstanding: 1(0.006%) =============================================================================== Breakdown by protocol: TCP: 13131 (74.595%) UDP: 573 (3.255%) ICMP: 84 (0.477%) ARP: 3815 (21.672%) EAPOL: 0 (0.000%) IPv6: 0 (0.000%) ETHLOOP: 0 (0.000%) IPX: 0 (0.000%) FRAG: 0 (0.000%) OTHER: 0 (0.000%) DISCARD: 0 (0.000%) =============================================================================== Action Stats: ALERTS: 31 LOGGED: 31 PASSED: 0 =============================================================================== TCP Stream Reassembly Stats: TCP Packets Used: 13131 (74.595%) Stream Trackers: 575 Stream flushes: 22 Segments used: 41 Segments Queued: 42 Stream4 Memory Faults: 0 =============================================================================== Many thanks, Andreas. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 22)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 23)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Harry Hoffman (Nov 23)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 24)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Harry Hoffman (Nov 23)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Bamm Visscher (Nov 26)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 27)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Bamm Visscher (Nov 27)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 27)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 27)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Andreas Maus (Nov 23)
- Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ? Justin Heath (Nov 27)