Snort mailing list archives

RE: Dropping packets why?


From: "Elijah Savage" <esavage () digitalrage org>
Date: Mon, 27 Oct 2003 23:24:44 -0500

Paul,

With all due respect, sir, I think you need to read a bit more carefully
before jumping all over someone. I never said in any of my posts I had a
15 meg pipe; hell, I would be dreaming for something like that at home,
though I do have an OC3 and DS3 at work. I said that I have a cable
connection in my original post. Please see my original post below, but
it was some other user that piped in about having a 15 meg pipe.
I do appreciate all replies.
Thank you.
Original Post
I have Snort set up on my OpenBSD firewall with 3 interfaces:
2 Intel interfaces
1 3Com interface
All are PCI on 100 Mbit switches
K62 300 128 meg of mem

I figured this machine should be strong enough to simply handle a cable
connection, but I am dropping packets:

Snort analyzed 19376 out of 20072 packets, dropping 696(3.468%) packets

I am running Barnyard logging to a MySQL database and using ACID, but all
that is set up on a totally different machine.

Any ideas where I can start looking to try and correct this? I am basically
running with the default config except for changing the home_net. I want
to see if I can figure this out, then I will start tuning.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Paul
Schmehl
Sent: Monday, October 27, 2003 8:45 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Dropping packets why?

--On Monday, October 27, 2003 6:50 PM -0500 Elijah Savage 
<esavage () digitalrage org> wrote:

> Thank you all for reading my post, but it seems you all did not read it
> and looked at my measly hardware and wanted to jump all over it. But
> this is for a cable internet connection, 3megabitsDown/512up. This machine
> should be way more than enough to keep up considering some of the
> hardware I have seen on some of the connections they are using.
>
> It has to be a config problem.

Well it certainly wouldn't hurt to be a little more accurate in your
description of the problem.  Above you tell us you have a 3MBps down
connection whereas in your first post you said you had "a 15mb pipe to
the Interne".  That's five times the pipe you now claim to have.  Makes it
a bit tough for the average, non-ESP, reader to diagnose.

I guess my first question would be, IIRC, SMP is still bleeding edge in
FreeBSD, is it not?  I suspect your problem is related to the kernel
that you've built, but without more info it's really hard to say.  You
might try tweaking some of the kern. parameters.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


