Snort mailing list archives

Snort sniffing (snorfing?)


From: "Wedge Breaker" <wedgebreaker () crackdealer com>
Date: Wed, 22 Aug 2001 13:42:45 -0700

1st time poster - long time listener.

I'm trying to evaluate Snort's ability to just sniff traffic and I need some help figuring out how to do it.  My goal 
is to baseline the amount of traffic Snort can handle.  I'll be running Netperf or something to generate traffic and I 
want to see if Snort can keep up.

I do know that I can do this:

snort -i eth0 -v > /dev/null

but Marty says in his Snort paper that running in verbose mode is slow.  Is that still the case if I'm dumping to 
/dev/null?

I also know that in Marty's paper, he says that in -b mode (binary logging) Snort can keep up with 100Mbit/s 
traffic.  That may be so, but I would think that if you wanted optimum sniffability, you wouldn't want to log any data, 
just count packets.  Right?

Any suggestions?

TIA,
wb


