Snort mailing list archives

perfmon avg bytes/pkt columns misaligned?


From: "Lee Clemens" <snort () leeclemens net>
Date: Fri, 27 Feb 2009 19:59:37 -0500

Hello all,

I am using Snort 2.8.3.1 and 2.8.3.2 with the perfmon preprocessor and I
noticed something strange with the output while calculating R-squared values
with my drop rate.

The columns 'Avg Bytes/Pkt (wire)' (1st one) and 'Avg Bytes/Pkt (applayer)'
seem to be identical.

The second 'Avg Bytes/Pkt (wire)' is different from both of these.

The 2.8.3 manual states "Avg Bytes/Pkt (wire) [duplicated below for easy
comparison with other rates]" for the first 'Avg Bytes/Pkt'.

However, it seems to be a duplicate of 'Avg Bytes/Pkt (applayer)' instead.

Am I reading this correctly, or is the wrong value being duplicated in this
first column (column G or the first 'Avg Bytes/Pkt (wire)')?  

The second 'Avg Bytes/Pkt (wire)' seems to be correct (95% stats are less
than 'Avg Bytes/Pkt (applayer)' and never over by more than 6 pkts).

I also see 18 columns which are not described in the 2.8.3 manual, but none
of them are close to matching either of the Avg Bytes/Pkt stats.

Lee

