Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 2.6.1.3 ignoring stream4

From: "Paul Melson" <pmelson () gmail com>
Date: Sat, 7 Apr 2007 20:12:32 -0400
On 4/6/07, Darryl Taylor <darryl.taylor () sourcefire com> wrote:

What size pipe is it monitoring (what's peak and sustained during
business hours)? Which libpcap implementation is installed, standard,
Phil Woods, or pfring?


The pipes' that this sensor is watching have an aggregate bandwidth of
about 24Mbps, and peak throughput is between 10-15Mbps with peak pps
rates in the 60-80 range.  The pcap library is the default libpcap
package that comes with RHEL4.

This issue is definitely tied to 2.6.1.3 and not the hardware.  I can
down-rev the config file and snort binary back to 2.6.0.2 on this box
and the CPU usage drops off dramatically.

PaulM

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: