Snort mailing list archives
Re: Dropping packets when using a sniffer and snort together
From: Jeremy Hoel <jthoel () gmail com>
Date: Tue, 2 Oct 2012 19:36:19 +0000
Are you using the pf_ring NIC drivers? That might be a good first start. On Tue, Oct 2, 2012 at 6:42 PM, Abhishek Sharma <abhisheksharma84 () gmail com> wrote:
Hi, Maybe this is not a question I should be putting on this forum at all but I nevertheless wanted to give it a shot. I have a high speed network and wanted to give snort inline a shot. It seems to work really well. The trouble comes when I try to club it with my sniffer. So basically I have 3 instances of snort inline running on ethX alongwith my custom sniffer trying to write all those packets to a pcap file on the disk (I have some requirements to store ALL the packets as well). I have observed that the sniffer works well when run standalone but starts dropping packets when snort is also running in parallel in inline mode. What could be the possible reasons? Is it that the CPU is starved of some READ operations as 3-4 processes are trying to process packets on the same interface??? Abhi ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Dropping packets when using a sniffer and snort together Abhishek Sharma (Oct 02)
- Re: Dropping packets when using a sniffer and snort together Jeremy Hoel (Oct 02)