Fwd: Randomness in Snort engine

[Hyunseok <hyunseok () ieee org>]

Originally posted at snort-devel, and cross-posted here:

I have one question about Snort.

I was running Snort in offline mode by feeding a tcpdump packet trace to it.

I expected that Snort analysis result would be identical when I re-run
Snort multiple times with the same packet trace.

However, I noticed that the the total packets processed is slightly
different across different runs, which affects other analysis results.

result.0:    Total packets processed:              230718
result.1:    Total packets processed:              230720
result.2:    Total packets processed:              230722
result.3:    Total packets processed:              230721

Do you guys have any idea where this slight randomness comes from in Snort?

I'm using the default snort configuration with default rule sets.

Thanks,
-HS

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!