Honeypots mailing list archives

100% CPU utilization ????


From: George Kryparos <creep09 () gmail com>
Date: Thu, 13 Oct 2005 04:27:15 +0200

I am trying to set up a Honeynet (using roo Honeywall CD). My network architecture is almost the same as the one shown in the following picture --> http://www.honeynet.org/papers/gen2/figureA.jpg , except that between the Honeywall gateway and the honeypots there is a hub (obviously).

The problem is that even though the PC being used as a Honeywall is not soooo old (a Pentium III), the system keeps having a total CPU utilization of 100% almost all the time. The processes that are more CPU intensive are the tcpdump, the hflowd and the snort_inline. The network in use is a rather small one (it is an experimental network behind a NAT), so there is not so much traffic. Do you happen to know why this is happening? Is it a common thing or not?

There is also another issue. I tried to connect the switch before the honeywall with the hub after that, just to see what happens. I mentioned that the internet connectivity disappeared for all computers on the network (those behind both the hub and the switch). Veeeery slow ping rates and even non-existing connectivity at all. Additionally, the Sebek daemon failed to start for several restarts and the honeywall system reached a peak of CPU utilization, making it impossible even to connect to the management interface (eth2). Does anyone have a clue why such a behavior was observed?

   Thanx
   George

