Snort mailing list archives
Re: Snort 2.0 dropping packets
From: Bennett Todd <bet () rahul net>
Date: Mon, 21 Apr 2003 10:10:27 -0400
2003-04-21T09:07:15 Gary Flynn:
Edin Dizdarevic wrote:memory is more important than CPU speedI hadn't heard this before. Does this apply only with stream reassembly enabled and lots of streams or to snort in general? Why?
This applies as long as stream reassbly, or the conversation preprocessor (prerequisite to portscan2) are enabled. By chopping out enough preprocessors you can turn snort into a slightly juicy brother of ngrep, stateless, free of traffic-dependent memory consumption. But memory is cheap enough so this doesn't feel like a good optimization. -Bennett
Attachment:
_bin
Description:
Current thread:
- Snort 2.0 dropping packets Always Bishan (Apr 20)
- Re: Snort 2.0 dropping packets Bennett Todd (Apr 20)
- Re: Snort 2.0 dropping packets Edin Dizdarevic (Apr 20)
- Re: Snort 2.0 dropping packets Gary Flynn (Apr 21)
- Re: Snort 2.0 dropping packets Bennett Todd (Apr 21)
- Re: Snort 2.0 dropping packets Gary Flynn (Apr 21)
- <Possible follow-ups>
- Re: Snort 2.0 dropping packets Neil Dickey (Apr 21)
- Re: Snort 2.0 dropping packets Edin Dizdarevic (Apr 21)
- Re: Snort 2.0 dropping packets Bennett Todd (Apr 21)
- Re: Snort 2.0 dropping packets Edin Dizdarevic (Apr 21)