Snort mailing list archives
Re: Perfmonitor / BPF Question
From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 16 Jan 2008 10:53:02 -0500
Hi Rob,

BPF is a prefilter for Snort; packets that get filtered by BPF aren't seen by the Snort engine at all.

-Marty

On Jan 16, 2008, at 10:03 AM, Rob Sharp wrote:
I have a sensor deployed with a BPF file to filter out our network vulnerability scanners to keep the noise down. I notice when the scanner makes a sweep that the dropped packets increase quite a bit. My question is: does the perfmonitor count packets dropped by the BPF in the stats it tracks? That would explain the jumps in packet loss.

--
Robert Sharp
robertsharp () gmail com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
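
As an added example (not part of the original thread and not Snort code): a small Python helper that builds the kind of BPF exclusion expression Rob describes from a list of scanner addresses. The addresses are constructed documentation ranges and the function names are hypothetical; because BPF is a prefilter, traffic to or from every address in the resulting expression is never seen by the Snort engine, so the list should be kept as narrow as possible.

```python
import ipaddress

# Constructed sample input: scanner addresses from documentation ranges.
SCANNERS = ["192.0.2.10", "198.51.100.0/28", "2001:db8::53", "192.0.2.10/32"]


def bpf_term(entry):
    """Return the pcap-filter primitive for one scanner address or CIDR block."""
    # strict=True rejects a CIDR with host bits set (e.g. 192.0.2.5/24),
    # which the pcap filter compiler also refuses for a 'net' primitive.
    net = ipaddress.ip_network(entry.strip(), strict=True)
    if net.num_addresses == 1:
        return "host {}".format(net.network_address)
    return "net {}".format(net.with_prefixlen)


def build_exclusion_filter(scanners):
    """Build 'not (A or B ...)' so only the listed scanners are prefiltered."""
    # dict.fromkeys de-duplicates while keeping the input order stable.
    terms = list(dict.fromkeys(bpf_term(s) for s in scanners))
    if not terms:
        # 'not ()' is not a valid filter; fail instead of writing it out.
        raise ValueError("no scanner addresses given")
    return "not (" + " or ".join(terms) + ")"


if __name__ == "__main__":
    # The printed expression is what would go into the file passed to
    # Snort with -F (read BPF filters from file).
    print(build_exclusion_filter(SCANNERS))
```

A malformed entry raises `ValueError` before any filter is produced, so a typo cannot silently widen or break the exclusion.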
Current thread:
- Perfmonitor / BPF Question Rob Sharp (Jan 16)
- Re: Perfmonitor / BPF Question Martin Roesch (Jan 16)