Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Comparison of freebsd and linux [was: snort packet loss rate}

From: "Michael Scheidell" <scheidell () secnap net>
Date: Thu, 27 Apr 2006 19:42:25 -0400
    Box F1                Box F2                Box L1
    (Freebsd 5.2.1)    (Freebsd 5.2.1)    (Linux 2.6.9)

drop:~80%            ~80%                ~80%

After I made following changes on F1 and L1

on F1
1. enable device_polling
2. disable hyperthreading
3. disable smp and leave only 1 cpu
4. enlarge libpcap memory usage
5. downgrade libpcap.0.9.4 to 0.8.3 and
   change the source code

on L1:
1. Install mmap libpcap

The results are:
   Box F1                Box F2                Box L1
    (Freebsd 5.2.1)    (Freebsd 5.2.1)    (Linux 2.6.9)

drop:~80%            ~80%                ~50%

With no rules and no preprocessors ,they are:

   Box F1                Box F2                Box L1
peak:0.1%              21%                    0.05%



I am running (in several instances) FBSD 5.4, full snort, community AND
bleeding edge rules and see typical only 5% packet drop.

Maybe about 10% on 4.11 (4.11 didn't handle HTT as well as 5.4)

Not sure why even tcpdump is losing packets on your end.



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: