Re: Query about the performance

[Steven Sturges <ssturges () sourcefire com>]

I'm not entirely sure of what you are trying to do, so it is tough
to answer specifically.

The capture rate is affected by a number of factors -- speed of
the hardware, drivers, kernel, DAQ module being used, etc.

Beyond the above, the performance of Snort itself is also affected
by the number of rules, memory settings, etc.

Snort is definitely capable of looking at packets in the context of
other packets in the flow leveraging Stream and/or flowbits.

On 6/8/11 5:54 AM, Gaurav Suryagandh wrote:
> Hi All,
>
> I am trying to incorporate snort in my application for packet filtering.
>
> I have two questions regarding the same.
>
> 1) how much is snort's packet capture rate ?
>
> 2) Can we filter packets based on flow ?
>
> Thanks,
> Gaurav
>
> ------------------------------------------------------------------------------
> EditLive Enterprise is the world's most technically advanced content
> authoring tool. Experience the power of Track Changes, Inline Image
> Editing and ensure content is compliant with Accessibility Checking.
> http://p.sf.net/sfu/ephox-dev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel