Snort mailing list archives

Snort and PF_RING stats


From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 10 Jul 2012 14:30:20 +0100

Hello all - apologies for cross-posting.

I'm running Snort with PF_RING - 4 instances with the same cluster-id.

I run them for 10 minutes or so and get the following statistics from
one instance:

(PF_RING/proc)
Tot Packets     9531989
Tot Pkt Lost    4244914

(Snort when killed)
Analyzed:       5422167 (100.000%)
Dropped:       4310523 ( 44.289%)

The 'Analyzed' value looks similar to the amount from
PF_RING's 'Tot Packets' minus 'Tot Pkt Lost' -
but is Snort then dropping a further 44%?

Any explanations gratefully received.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT


