Snort mailing list archives

Re: Looooots of "Outstanding" and "Analyzed" packets - counter wrap ?


From: "Bamm Visscher" <bamm.visscher () gmail com>
Date: Mon, 27 Nov 2006 07:57:04 -0700

Do try a newer version, there are known statistic issues with Linux and
older versions of libpcap.

Bamm


On 11/27/06, Andreas Maus <maus () ypbind de> wrote:
On Sun, Nov 26, 2006 at 09:43:24AM -0700, Bamm Visscher wrote:

What version of libpcap do you have installed?
Hmmm ... Never thought of that.
Snort is linked against:

maus@debian3164m:~$ ldd /usr/local/bin/snort | grep pcap
        libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x0000002a9577b000)

which is from the libpcap0.8 debian package:

maus@debian3164m:~$ apt-cache show libpcap0.8
Package: libpcap0.8
Priority: optional
Section: libs
Installed-Size: 236
Maintainer: Romain Francoise <rfrancoise () debian org>
Architecture: amd64
Version: 0.8.3-5
Depends: libc6 (>= 2.3.2.ds1-4)
Filename: pool/main/libp/libpcap0.8/libpcap0.8_0.8.3-5_amd64.deb
Size: 86026
MD5sum: a04b5d9c228a34262937c56ba2d19c38
Description: System interface for user-level packet capture
 libpcap (Packet CAPture) provides a portable framework for low-level
 network monitoring.  Applications include network statistics collection,
 security monitoring, network debugging, etc.
 .
 Since almost every system vendor provides a different interface for
 packet capture, and since there are several tools that require this
 functionality, we've created this system-independent API to ease in
 porting and to alleviate the need for several system-dependent packet
 capture modules in each application.
 .
 Further information is available at <URL: http://www.tcpdump.org/>

I will try a more current (0.9.5) version.

Andreas.




-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
