Snort mailing list archives

how to plain a sensor capacity

From: Alessandro Fiorenzi <a.fiorenzi () infogroup it>
Date: Tue, 25 Jan 2005 10:00:14 +0100

I have question that is very important, I am going to deploy a server
that will monitor the traffic of 3/4 networks
The mail problem is undestand how to choise hardware, because if it is
true that is possible to install a 4 Ethernet on a single pci-x
is not so clear that the cpu and the bus could manage a throughput of
400Mbit or more that come from a single  pci-x slot or from 3 pci-x

The question is when snort or tcpdump works sniffing the traffic does
work on ram or directly to the interface memory? 
If it works on interface memory I should choise a network adapter with
large buffers and would use throughput of the bus to choise the right
cpu
Instead if it works on computer memory I should use the time to move
information from ethernet interface to ram, the bus throughput to choise
the right cpu



Thanks in advance


-------------------------------------------------------------------------
INFOGROUP S.P.A                                  http://www.infogroup.it
------------------------------------------------------------------------- 
Dott. Fiorenzi Alessandro  

Consulente Tecnico Trib. Firenze - Siurezza Informatica -
Collegio Periti e Esperti CCIAA Firenze
Soci CLUSIT, ALSI

System Security Administrator

Tel    : +390554365742                
CE     : +393356414477                  
@Email : a.fiorenzi () infogroup it     
-------------------------------------------------------------------------
                   "Faber est suae quisque fortunae" 
-------------------------------------------------------------------------

Current thread:

how to plain a sensor capacity Alessandro Fiorenzi (Jan 25)
- Re: how to plain a sensor capacity Alex Butcher, ISC/ISYS (Jan 25)