Snort mailing list archives

statistics, dropped packets, and counters


From: Jorge Cuevas <jcuevas () nesys-st com>
Date: Fri, 25 Apr 2008 13:55:54 +0200

Hi all,

I am trying to gather accurate information regarding packet loss when I 
use snort.

The point is, when I send a kill -USR1 signal to snort to gather 
some statistics, are the dropped packets shown here related to snort 
itself, or to libpcap losses (called from snort)? Is this value reliable?

For example, ntop shows information regarding dropped packets due to 
the ntop application itself, and dropped packets from libpcap. In some 
scenarios, I am using a pf_ring socket with ntop, and from 
/proc/net/pf_ring I can read libpcap or pf_ring dropping statistics 
which fit exactly with those shown by the ntop web interface. Does anyone 
know where I can read libpcap dropped statistics in a raw manner 
similar to the /proc/net/pf_ring ones when using snort and common libpcap? 
I.e., does libpcap log any kind of basic or raw statistics? Are they 
reliable?

And last question, what about the statistics from these commands:

ip -stats link
cat /proc/net/dev

Are the dropped packets gathered from here related in any manner to the 
dropped packets shown in snort statistics?

Any help will be much appreciated.

Thanks in advance

Jorge
