Snort mailing list archives
Snort 3.0 performance issue
From: Qinwen Hu <qhu009 () aucklanduni ac nz>
Date: Sun, 17 Jun 2018 10:15:39 +1200
Hi everyone. I am using Snort++ 3.0 to do some performance tests. We set up two scenarios: 1. Running a single flow on a 100Gb high-speed network. Both Pcap and AFPack DAQ work as expected. AF_Packet captured all the packets and no packet loss. PCAP dropped few packets. 2. Running multiple flows with different delays on the same network. This time AFPacket had a bad performance when we compared with PCAP in terms of the received packet. For instance daq (Pcap) received: 695471792 analyzed: 14603352 dropped: 680868440 daq (AFPacket) received: 16774888 analyzed: 16774888 dropped: 699072874
From my understanding, I thought AFPacket will have a better performance
than PCAP. But why I got different results in here? Besides, I am wondering, when I can configure the search methods( ac-bnfa, ac_q or ac-split) in Snort 3.0? Here is some information about our testing service Version:Snort++ 3.0.0-243 CPU: Intel(R) Xeon(R) Gold 6136 CPU @ 3.00GHz * 24 cores Thank you very much. Best regards, Steven
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Snort 3.0 performance issue Qinwen Hu (Jun 16)
- Re: Snort 3.0 performance issue Carter Waxman (cwaxman) via Snort-users (Jun 19)
- Re: Snort 3.0 performance issue Qinwen Hu (Jun 19)
- Re: Snort 3.0 performance issue Carter Waxman (cwaxman) via Snort-users (Jun 20)
- Re: Snort 3.0 performance issue PUllarao via Snort-users (Jun 20)
- Fwd: Snort 3.0 performance issue Виктор Сурин via Snort-users (Jun 21)
- Re: Snort 3.0 performance issue Qinwen Hu (Jun 19)
- Re: Snort 3.0 performance issue Carter Waxman (cwaxman) via Snort-users (Jun 19)