Re: A Query about dropped packets

[Ashley Thomas <athomas () unity ncsu edu>]

I am running snort as:

./snort -d -h 10.0.0.0/24 -c snort.conf

How do i make sure that name lookup is turned off ? (There was no mention of
this in the help / manual)

thanks
Ashley

Phil Wood wrote:

> On Thu, Sep 20, 2001 at 10:50:28PM -0400, Ashley Thomas wrote:
> > Hi all,
> >
> > I am running Snort on openBSD 2.9.
> > I keep getting packets and when i terminate it gives some statistics
> > which include
> >
> > "Snort analyzed 1716 out of 2979 packets, dropping 1263(42.397%)
> > packets"
> I bet you have turned on name lookup?  You should never see dropped packets
> like that with only 2979 packets.
> > Does this mean snort is dropping packets or does it mean that Snort
> > analysed only 1716 ?
>
> It means that snort only saw 1716 of the 2979 packets that drifted by
> your sensor.  The kernel droped 1263, presumably because snort never
> got back in time to lift them into user space.
> > In the latter case what is the filter used to filter 1716 out of 2979
> > packets and drop the rest ?
> >
> > Is this because there is something wrong in the configuration ?
> >
> > Any pointers is welcome.
> >
> > thanks a lot
> > Ashley
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> --
> Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users