Snort mailing list archives

Re: Snort 2.9.5 / PFRing


From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 27 Aug 2013 09:12:22 +0100

Hello all

On 26/08/2013 23:14, Welters, Jon (LARC-B703)[LITES] wrote:
> I went ahead and ran the pfcount userland app on the interface snort is monitoring and it lists all of the packets as filtered.
>
> This has got to be connected to my problem, however I'm not sure where to start troubleshooting, can someone point me in the right direction?
>
> One other data point:
> /usr/local/src/PF_RING-5.6.0/userland/examples/pfcount -i eth4
> =========================
> Absolute Stats: [527277 pkts rcvd][527277 pkts filtered][0 pkts dropped]
> Total Pkts=527277/Dropped=0.0 %
> 527'277 pkts - 620'476'946 bytes [35'145.43 pkt/sec - 330.86 Mbit/sec]
> =========================
> Actual Stats: 31722 pkts [1'000.19 ms][31'715.78 pps/0.30 Gbps]
> =========================

If pfcount isn't working properly then it's probably
a good question to ask on the ntop-misc (i.e. PF_RING) mailing list
- problems often seem to fall between here and there.

Are you running PF_RING in a specific transparent_mode
and if you're running with 1/2 have you installed the PF_RING NIC driver?

It's interesting to see people having problems
- I'm shortly going to go for this upgrade to replace 2.9.3.1 before EOL.

--
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT

