Snort mailing list archives

Re: Snort Packet Stats

From: Ashley Thomas <athomas () unity ncsu edu>
Date: Thu, 10 Jan 2002 16:53:05 -0500 (EST)

It is slightly out of sync but may i ask you this.

From the stats that you've attached Snort seems to be dropping a lot

of packets ?
Is the traffic volume very high ?

or is it something that i've overlooked.

thanks
ashley



On Thu, 10 Jan 2002, Matt Jonkman wrote:

We're working on our own homegrown snort back-end and want to really
concentrate on having detailed live and trending stats for each sensor.

Is there a way to get the stats that snort dumps when you ^C a non-daemon
instance when you are running as a daemon? If not is there another source of
the running stats we can grab and trend?

Thanks

Matt




I.E these stats:

============================================================================
===
Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets

Breakdown by protocol:                Action Stats:
    TCP: 2494       (41.332%)         ALERTS: 0
    UDP: 108        (1.790%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 102        (1.690%)
DISCARD: 0          (0.000%)
============================================================================
===
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
============================================================================
===
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
============================================================================
===
Snort received signal 2, exiting


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: ACID wishlist Roman Danyliw (Jan 10)
- Snort Packet Stats Matt Jonkman (Jan 10)
  - Re: Snort Packet Stats Martin Roesch (Jan 10)
  - Re: Snort Packet Stats Ashley Thomas (Jan 10)
    - Re: Snort Packet Stats Matt Jonkman (Jan 10)
    - Snort Stats & ACID Guillaume (Jan 11)