Gigabit NIC's and snort hardware required??

["Zach Forsyth" <Zach.Forsyth () kiandra com>]

Hi,

Just wanted to ask how long a piece of string is...

Actually I wanted to ask what hardware I need to successfully run snort
2.x on a Cisco 3508 fibre gigabit switch.

Just playing around today I set up a win 2k server, snort 2, winpcap 3,
P4 2.4ghz, 512mb DDR, 1x40gb 7200rpm drive and a HP(compaq) NC6136 fibre
gb nic, etc.
I have all switch ports monitored onto the one snort is on.

Just using the command :> snort -vi2 from the dos command prompt I am
losing between 30%-50% of all packets.

Does this sound right?
Should I be swapping to linux? No dramas to do that just had a win2k box
handy for this afternoon.

I don't imagine the GB switch is anywhere near utilization as it is only
an 8 port, with roughly 200 users coming into it for file/print/db etc.
I will be checking the actual bandwidth useage tomorrow as well.

Any ideas on what is really needed for snort to cap GB traffic?
Just ballpark for say between 100-200mb/s - I am sure it is not more
than this, but could be proved wrong.

Will keep searching for info in the meantime.

Cheers

Zach


-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users