Snort mailing list archives
RE: snort dropping 48%
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 06 May 2004 16:36:08 -0500
On Thu, 2004-05-06 at 16:04, Sheahan, Paul wrote:
Funny how this rules file and startup script worked perfectly on Snort 1.9 on 100mb Ethernet and a low end server, and I was using all the other default rules too. Odd. I've always loved Snort but now it has become completely useless.
Mumpitz. You can always run the older version again. The problem is finding out if it's the old hardware or software. You should be able to determine that quickly by running your old Snort 1.9 setup on the new box. Also, run the new Snort set up on a different box. There is always the chance that your Gigabit card doesn't work well together with your system board, perhaps interrupt contention (dunno if Linux has a DEVICEPOLLING option like BSD does). Moreover, try a different NIC, and finally change the system. Feel free to also try running a different OS. FreeBSD seems to perform well with Intel Gigabit NICs. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- snort dropping 48% Sheahan, Paul (Apr 28)
- Message not available
- Re: snort dropping 48% Matt Kettler (Apr 28)
- legit network-traffic generating tool? siddharth thakkar (Apr 28)
- Re: snort dropping 48% Matt Kettler (Apr 28)
- Message not available
- <Possible follow-ups>
- RE: snort dropping 48% Sheahan, Paul (May 06)
- Re: snort dropping 48% sgt_b (May 06)
- RE: snort dropping 48% Sheahan, Paul (May 06)
- Re: snort dropping 48% sgt_b (May 06)
- RE: snort dropping 48% Sheahan, Paul (May 06)
- RE: snort dropping 48% Frank Knobbe (May 06)
- Re: snort dropping 48% sgt_b (May 06)
- Re: snort dropping 48% Josh Berry (May 07)
- RE: snort dropping 48% Chuck Holley (May 07)
- RE: snort dropping 48% Michael Boman (May 10)
- Message not available
- RE: snort dropping 48% Josh Berry (May 07)
- RE: snort dropping 48% Josh Berry (May 07)