Snort mailing list archives
Re: Snort dropping packets?!?!?!?!?!
From: Roelof JT Jonkman <roel () SiliconDefense com>
Date: Wed, 17 Jul 2002 17:31:37 -0700
James, I recently stumbled accross some really weird behaviour with a machine dropping packets, once a little load was put on the machine. (Pentium 120's running a VPN.) What ultimately fixed it was replacing the network cards with other network cards. (The original cards were 3com 3c590's, and the replacements were netgear fa311's.) There is also weirdness with some chipsets that just refuse to do promiscuous mode correctly. Usually you have to look at the driver code to deduce of the comments if a chipset actually works worth a dime or not. The best 10/100 chipset I've used is the DEC/Intel Tulip chipset, it's old, but works well anything from a 21141 to a 21143 is decent. YMMV but: http://www.milestek.com/10-100MbpsAdapter.htm This one is based on the 21143. It's made by Danpex, a rather large network OEM manufacturer, I'm sure you can get em elsewhere, but milestek ships quick, and they're not overly expensive. ($35/piece) roel
K6-2 400 2- P-net nics. (super cheap) latest snort with customised sig base. output to barnyard barnyard into MySQL on the same box The issue is this. When snort isnt running it detects all packets from my network. Which is running about 2Mb/s. As soon as snort is brought up st starts dropping packets. It is now down to picking up only 1/25 of the packets on the network.even with no preprocessors running and no signatures turned on. I take it there is sime problem between snort and the OS (redhat 7.2). Either that or snort and my cheap NIC dont get along. I have run this without mysql or barnyard running and with no preprocessors and signatures it cant be the snort engine right???? Normaly snort is running 8.5% cpu, with everything turned off it is runing 0.3%cpu. That is as it should be, but it is still dropping packets at the same rate. any ideas??? _______________________________ James Ashton 13840 Osprey Links Dr, #219 Orlando Fl, 32837 407-859-5218 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort dropping packets?!?!?!?!?! James Ashton (Jul 17)
- RE: Snort dropping packets?!?!?!?!?! Gene Gomez (Jul 17)
- RE: Snort dropping packets?!?!?!?!?! Matt Kettler (Jul 17)
- Message not available
- Re: REMOVE PLEASE IMMEDIATELY Matt Kettler (Jul 19)
- RE: Snort dropping packets?!?!?!?!?! Matt Kettler (Jul 17)
- RE: Snort dropping packets?!?!?!?!?! Gene Gomez (Jul 17)
- Re: Snort dropping packets?!?!?!?!?! Roelof JT Jonkman (Jul 17)
- Re: Snort dropping packets?!?!?!?!?! John Sage (Jul 17)