Snort mailing list archives
Re: Help needed: Performance Check & Traffic Capture
From: Phil Wood <cpw () lanl gov>
Date: Tue, 1 Jan 2002 20:50:18 -0700
On Tue, Jan 01, 2002 at 04:55:06PM -0800, Erek Adams wrote:
On Tue, 1 Jan 2002, David Lambert wrote:Thanks for the pointer to this. Unfortunately when I tried this it gave me the following results. Any idea why the crazy first line? Everything else seems to work fine.None. That's an odd one. What OS, Version/Build of Snort and hardware are you running this on? Linux based?=============================================================================== Snort analyzed -235601920 out of 16777216 packets, dropping 252379136(1504.297%) packets[...snip...] If it's Linux based, check the archives from the snort-dev list at http://marc.theaimsgroup.com/ for some patches provided by Phil Wood <cpw () lanl gov> to make libpcap + Linux 2.4(?) play nice.
Hi, the pcap library is fixed at tcpdump.org. Pull down the current library: http://www.tcpdump.org:80/daily/libpcap-current.tar.gz It has the fix to pcap_stats. It does not have the "turbo" patches which use a ring buffer. I have that in a different tarball which I'm still not 100% sure about. If you get the above working and would like to try something even more bizarre, drop me an email. Phil (cpw () lanl gov)
Anyone else? ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help needed: Performance Check & Traffic Capture Marc Dreher (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture Erek Adams (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 01)
- Re: Traffic 'surrounding' an alert (was: Help needed: Performance ...) Marc Dreher (Jan 02)
- Re: Traffic 'surrounding' an alert (was: Help needed: Performance ...) Chris Green (Jan 02)
- <Possible follow-ups>
- Re: Help needed: Performance Check & Traffic Capture Erek Adams (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture Phil Wood (Jan 01)
- Re: Help needed: Performance Check & Traffic Capture David Lambert (Jan 02)
- Re: Help needed: Performance Check & Traffic Capture Marc Dreher (Jan 02)
- Re: Help needed: Performance Check & Traffic Capture Erek Adams (Jan 01)