Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Poor performance using snort 2.8.x in inline mode

From: carlopmart <carlopmart () gmail com>
Date: Wed, 21 Jan 2009 09:50:15 +0100
I think that the problem is with network. CPU is idle at 95%. Memory is using at 
50% and I use e1000 nics on this host.

Putting snort without inline mode (but using the same rules) throughput is very 
very acceptable (11 MB/s). I am testing it copying a 100MB file over snort 
bridge ....


pieter claassen wrote:

Do you know where the bottleneck occurs?

CPU spec and loads?
PCI spec and loads?
What NIC are you using and what driver loaded for it? Is it running in 
interrupt or polling mode?

What was the performance before  that made you decide it is now poor?

Also, what type of traffic are you putting through the box? Packet size 
distribution/protocol? How did you generate it?

Regards,
Pieter




-- 
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: