Snort mailing list archives
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 5 Apr 2011 11:23:50 -0400
On Tue, 05 Apr 2011 14:30:43 +0200, carlopmart wrote:
> On 04/05/2011 02:15 PM, Nigel Houghton wrote:
>> On Tue, 05 Apr 2011 11:42:39 +0200, carlopmart wrote:
>>> Hi all, I am testing a snort 2.9.0.4 (build 111) in afpacket mode but
>>> bandwidth is really poor. For example, downloading an iso image (640 MB)
>>> with snort up, bandwidth is between 140Kb and 180kb, without snort up it is
>>> between 900Kb and 1MB. I have loaded only the emerging-attack_response.rules
>>> file. How can I increase this bandwidth when snort is up??
>>
>> Disable the emerging-attack_response.rules file and what happens?
>> --
>
> I disabled the rule and bandwidth increased to 275 kb ... but it is still far
> from the total bandwidth (1MB).

Now start trimming those ports in the preprocessors down, limit to *only* the ones you actually use. Disable any pre-processors you don't use. The idea is to get to a bare bones configuration so that you can start to see the effects on traffic flow as you add in required detection. Start simple, build from there.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
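An added example, not part of the original thread or of Nigel's message: a small Python audit that lists which preprocessors a Snort 2.x snort.conf enables and which ports each one inspects, as a worklist for the trimming described above. The sample config is constructed, and `audit_preprocessors`, `over_budget` and the `max_ports` threshold are hypothetical names chosen here.

```python
import re

# Constructed sample in Snort 2.x snort.conf syntax (not the poster's config).
SAMPLE_CONF = r"""
config daq: afpacket
config daq_mode: inline
preprocessor frag3_global: max_frags 65536
preprocessor stream5_global: track_tcp yes, track_udp yes
preprocessor stream5_tcp: policy windows, \
    ports client 21 22 23 25 110 143, \
    ports both 80 443 8080
preprocessor http_inspect_server: server default profile all \
    ports { 80 81 311 591 593 901 1220 1414 8000 8080 } oversize_dir_length 500
# preprocessor ftp_telnet: global inspection_type stateful
preprocessor sfportscan: proto { all } sense_level { low }
"""

# Matches "ports { 80 81 }" and the stream5 form "ports client 21 22".
PORTS_RE = re.compile(r"\bports\s+(?:\{([^}]*)\}|(?:client|server|both)\s+([\d\s]+))")

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit_preprocessors(conf_text):
    """Map each enabled preprocessor to the sorted list of ports it inspects."""
    found = {}
    for line in logical_lines(conf_text):
        m = re.match(r"preprocessor\s+(\w+)\s*:?\s*(.*)", line)
        if not m:
            continue  # "config", "var", "include" and rule lines are ignored
        name, args = m.groups()
        ports = found.setdefault(name, set())
        for braced, listed in PORTS_RE.findall(args):
            ports.update(int(p) for p in re.findall(r"\d+", braced or listed))
    return {name: sorted(p) for name, p in found.items()}

def over_budget(report, max_ports=5):
    """Preprocessors whose port list exceeds max_ports (hypothetical threshold)."""
    return [name for name, ports in report.items() if len(ports) > max_ports]

if __name__ == "__main__":
    report = audit_preprocessors(SAMPLE_CONF)
    for name, ports in report.items():
        print(f"{name:22} {len(ports):3} ports  {ports}")
    print("trim first:", over_budget(report))
```

Preprocessors that show no ports here (for example `frag3_global` or `sfportscan`) are not port-scoped, so the only choice for them is to keep or disable them.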