Snort mailing list archives

packet I/O totals


From: Felix Erlacher <felix.erlacher () uibk ac at>
Date: Thu, 23 Feb 2017 12:58:39 +0100

Hi all,

I have a question regarding the Snort Packet I/O totals.
This is what Snort tells me after I stop it with SIGTERM:

Packet I/O Totals:
   Received:      2234257
   Analyzed:      1327128 ( 59.399%)
    Dropped:       907129 ( 28.877%)
   Filtered:            0 (  0.000%)
Outstanding:       907129 ( 40.601%)
   Injected:            0

The Snort manual says "Outstanding indicates how many packets are
buffered awaiting processing" and further refers to the DAQ
documentation. (The DAQ readme gives no info on this behalf and I
couldn't find any other DAQ docu)
There are a few oddities here:
The "Dropped" and "Outstanding" numbers are exactly the same, namely the
difference between "analyzed" and "received".
How can dropped packets be at the same time outstanding?
Of which number is 907129 28.877%?

Is the problem that I aborted Snort?

I am using snort 2.9.9.0 with DAQ 2.0.6 to analyze traffic from my
10GBit NIC with the shipped snort.conf in IDS mode.
BTW: There was already a similar discussion on this list, the problem
was solved by a new DAQ. At the moment I am using the newest DAQ.

thanks and greets
-- 
Felix Erlacher

Key-ID:4EAC0959
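
An added example, not part of the original post and not Snort or DAQ code: a small Python parser for the totals block quoted above that tests which denominator reproduces each printed percentage and whether Outstanding equals Received minus Analyzed minus Filtered. The candidate denominators are assumptions picked from the counters in the output; the result is arithmetic on the posted numbers only, not a statement of how Snort computes them.

```python
import re

# Sample input: the totals block copied from the post above.
SAMPLE = """\
Packet I/O Totals:
   Received:      2234257
   Analyzed:      1327128 ( 59.399%)
    Dropped:       907129 ( 28.877%)
   Filtered:            0 (  0.000%)
Outstanding:       907129 ( 40.601%)
   Injected:            0
"""

# "<name>: <count>" optionally followed by "( <pct>%)"
LINE = re.compile(r"^\s*(\w+):\s+(\d+)(?:\s+\(\s*([\d.]+)%\))?\s*$")


def parse_totals(text):
    """Return {name: (count, printed_percent_or_None)} for each counter line."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            pct = float(m.group(3)) if m.group(3) else None
            out[m.group(1).lower()] = (int(m.group(2)), pct)
    return out


def explain_percentages(totals):
    """For each printed percentage, list the candidate denominators that reproduce it."""
    recv, drop = totals["received"][0], totals["dropped"][0]
    # Assumed candidates (hypothetical, chosen from the counters Snort prints).
    candidates = {"received": recv, "received+dropped": recv + drop,
                  "analyzed": totals["analyzed"][0]}
    result = {}
    for name, (count, pct) in totals.items():
        if pct is None or count == 0:
            continue  # a zero count matches every denominator, so it tells us nothing
        result[name] = [label for label, d in candidates.items()
                        if d and abs(100.0 * count / d - pct) <= 0.0005]
    return result


def outstanding_is_residual(totals):
    """True when Outstanding == Received - Analyzed - Filtered."""
    t = {k: v[0] for k, v in totals.items()}
    return t["outstanding"] == t["received"] - t["analyzed"] - t["filtered"]
```

On the posted numbers, the Analyzed and Outstanding percentages match a denominator of Received, while the Dropped percentage matches Received plus Dropped.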
