Snort mailing list archives
RE: Bandwidth Information
From: "Spitzer, Nathan" <Nathan.Spitzer () acs-inc com>
Date: Wed, 29 May 2002 14:41:04 -0400
If you have a large HD, log the packets in binary to a file on that HD,
record start time, wait till HD fills up (or file reaches some arbitrary
size), record stop time. Now I'm not an expert, but the binary log I would
think should be pretty close to the actual packet size on the wire, so if
you do size/time you should get a good idea.
Nathan Spitzer
-----Original Message-----
From: Cooper Arthur B Contr WCOM
To: snort-users () lists sourceforge net
Sent: 5/29/02 2:09 PM
Subject: [Snort-users] Bandwidth Information
Hello All,
Does anyone know of an "add-on" or PERL script that can do some
"ciphering" for me and tell me what percentage of my bandwidth is
generating alerts with SNORT? I have a snort server set-up on a SPANNED
100 MBS/Full-Duplex port that feeds the internal LAN of a large US
Military installation. I absolutely LOVE SNORT, but now that I see all
of the crazy stuff being thrown at us via the Net, I was wondering if
there was a way to show what percentage of our bandwidth is literally
being wasted by the amount of cmd.exe, code red, SQL Worm 1433 stuff
etc. etc. that is coming in here and "banging" my firewalls. THANKS!!
Coop
*************************************************
Arthur B. Cooper Jr "COOP"
Network Technical Lead
Schriever AFB - Colorado Springs, Colorado
Email: art.cooper () schriever af mil
*************************************************
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
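
The size/time measurement described in the reply, extended to the percentage asked about in the original question, as an added example that is not part of either message. It assumes the binary log is a classic libpcap (tcpdump-format) file and that a full capture of the same interval exists for comparison; the function names and sample packets are constructed here.

```python
import struct

# Magic bytes as stored in the file -> (struct byte order, timestamp fraction divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
    b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9),
}

def pcap_stats(data):
    """Return (packets, wire_bytes, seconds) for a classic libpcap byte string."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[data[:4]]
    off, packets, wire_bytes, first, last = 24, 0, 0, None, None
    while off + 16 <= len(data):
        sec, sub, incl_len, orig_len = struct.unpack_from(order + "IIII", data, off)
        if off + 16 + incl_len > len(data):
            break  # truncated final record (e.g. disk filled mid-write): stop cleanly
        ts = sec + sub / frac
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        packets += 1
        wire_bytes += orig_len  # length on the wire, even if snaplen cut the stored copy
        off += 16 + incl_len
    seconds = (last - first) if packets else 0.0
    return packets, wire_bytes, seconds

def avg_bits_per_second(data):
    _, wire_bytes, seconds = pcap_stats(data)
    return wire_bytes * 8 / seconds if seconds > 0 else 0.0

def alert_share_percent(alert_log, full_capture):
    """Percent of the full capture's wire bytes accounted for by the alert-packet log."""
    total = pcap_stats(full_capture)[1]
    return 100.0 * pcap_stats(alert_log)[1] / total if total else 0.0

def build_pcap(packets, snaplen=65535):
    """Constructed sample input: packets is a list of (timestamp, wire_length)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ts, length in packets:
        incl = min(length, snaplen)
        out += struct.pack("<IIII", int(ts), int(round((ts % 1) * 1e6)), incl, length) + bytes(incl)
    return out

# Constructed captures: 10 s of traffic; three of those packets are also in the alert log.
FULL = build_pcap([(1000 + i, 1500) for i in range(11)])
ALERTS = build_pcap([(1002, 1500), (1005, 1500), (1009, 1500)])
```

Dividing `avg_bits_per_second` by the link rate (100,000,000 for the 100 Mb/s port in the question) gives utilisation. The alert log holds only the packets that triggered a rule, so the share is a lower bound on the traffic belonging to those flows.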
