Snort mailing list archives
Re: "Making Snort go fast under Linux..."
From: Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>
Date: Wed, 24 Feb 2010 18:26:15 +0100
Randal T. Rioux wrote:
On Wed, February 24, 2010 9:02 am, Edward Bjarte Fjellskål wrote:During the years, I have tried to gather some notes on what can help "Snort go faster". I summed it up in a blog post: http://www.gamelinux.org/?p=81 If anyone here has any comments/improvements/tips etc, I would be happy to hear about them, and include them in my post for future reference.Nice job, some really great pointers. Gave me an idea.
Thanks :)
You mentioned performance may be enhanced by using different compilers/flags. I'm going to run some tests using different setups (OS, compiler collection, etc). Can anybody suggest an ideal way to beat the Hell out of a Snort box? I'd like to analyze as large a dataset as possible containing a large amount of detectable malware/sig triggers. Something that can sustain 1Gb of traffic for approx. five minutes. I have the storage, systems and bandwidth in my lab to do fiber, copper, multiple platforms and operating systems.
First thing that comes to mind: http://www.breakingpointsystems.com/ Though I have no experience with the product, Im just aware of it :) When I do testing, I usually have home made pcaps, and replay them with tcpreplay and/or even daemonlogger. tcpreplay have some nice features on how fast you want to replay the traffic.
This will be fun.
Enjoy :)
Thanks! Randy ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- "Making Snort go fast under Linux..." Edward Bjarte Fjellskål (Feb 24)
- Re: "Making Snort go fast under Linux..." Randal T. Rioux (Feb 24)
- Re: "Making Snort go fast under Linux..." Edward Bjarte Fjellskål (Feb 24)
- Re: "Making Snort go fast under Linux..." beenph (Feb 24)
- Re: "Making Snort go fast under Linux..." Ronny Vaningh (Feb 24)
- Re: "Making Snort go fast under Linux..." Mark W. Jeanmougin (Feb 25)
- Re: "Making Snort go fast under Linux..." Edward Bjarte Fjellskål (Feb 24)
- Re: "Making Snort go fast under Linux..." Crook, Parker (Feb 24)
- Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
- Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
- Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
- Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
- Re: "Making Snort go fast under Linux..." Randal T. Rioux (Feb 24)