Snort mailing list archives
Dropped: 236694431 (64.559%) 64% packet loss
From: Pedro Marinho <pppmarinho () gmail com>
Date: Fri, 12 Jun 2009 15:44:44 -0300
Hello Gentlemen,
I am having some Dropped packet problems here with snort. I already did
change the search method to lowmem but i am still loosing packets.. i did
run snort for about 4405.825615 seconds and the traffic here is about
210976.40 kbits/sec
is 4405.825615 seconds a short time to run snort ?
Is there something i've got to do in snort.conf to solve this matter?
i am watching traffic at eth2 it is a
06:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721 Gigabit
Ethernet PCI Express (rev 21)
Subsystem: Dell Unknown device 023c
Flags: bus master, fast devsel, latency 0, IRQ 218
Memory at dfef0000 (64-bit, non-prefetchable) [size=64K]
Capabilities: [48] Power Management version 2
Capabilities: [50] Vital Product Data
Capabilities: [58] Message Signalled Interrupts: Mask- 64bit+
Queue=0/3 Enable+
Capabilities: [d0] Express Endpoint IRQ 0
Capabilities: [100] Advanced Error Reporting
Capabilities: [13c] Virtual Channel
Capabilities: [160] Device Serial Number d0
Capabilities: [16c] Power Budgeting
//---------------------------------------------------------------------------------------------------------
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.8.0.1 (Build 72)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.
Using PCRE version: 7.2 2007-06-19
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.6 <Build 11>
Preprocessor Object: SF_SMTP Version 1.0 <Build 7>
Preprocessor Object: SF_SSH Version 1.0 <Build 1>
Preprocessor Object: SF_FTPTELNET Version 1.0 <Build 10>
Preprocessor Object: SF_DCERPC Version 1.0 <Build 4>
Preprocessor Object: SF_DNS Version 1.0 <Build 2>
Not Using PCAP_FRAMES
*** Caught Int-Signal
Run time prior to being shutdown was 4405.825615 seconds
===============================================================================
Packet Wire Totals:
Received: 366635284
Analyzed: 129940618 (35.441%)
Dropped: 236694431 (64.559%)
Outstanding: 235 (0.000%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
ETH: 130192920 (100.000%)
ETHdisc: 0 (0.000%)
VLAN: 0 (0.000%)
IPV6: 0 (0.000%)
IP6 EXT: 0 (0.000%)
IP6opts: 0 (0.000%)
IP6disc: 0 (0.000%)
IP4: 130114384 (99.940%)
IP4disc: 7 (0.000%)
TCP 6: 0 (0.000%)
UDP 6: 0 (0.000%)
ICMP6: 0 (0.000%)
ICMP-IP: 0 (0.000%)
TCP: 52209130 (40.101%)
UDP: 77359186 (59.419%)
ICMP: 290867 (0.223%)
TCPdisc: 0 (0.000%)
UDPdisc: 0 (0.000%)
ICMPdis: 0 (0.000%)
FRAG: 82 (0.000%)
FRAG 6: 0 (0.000%)
ARP: 10851 (0.008%)
EAPOL: 0 (0.000%)
ETHLOOP: 610 (0.000%)
IPX: 0 (0.000%)
OTHER: 69983 (0.054%)
DISCARD: 7 (0.000%)
InvChkSum: 30 (0.000%)
Upconvt: 0 (0.000%)
Up fail: 0 (0.000%)
S5 G 1: 0 (0.000%)
S5 G 2: 252286 (0.194%)
Total: 130192920
===============================================================================
Action Stats:
ALERTS: 23
LOGGED: 23
PASSED: 0
===============================================================================
Frag3 statistics:
Total Fragments: 82
Frags Reassembled: 16
Discards: 6
Memory Faults: 0
Timeouts: 0
Overlaps: 0
Anomalies: 0
Alerts: 0
FragTrackers Added: 63
FragTrackers Dumped: 63
FragTrackers Auto Freed: 0
Frag Nodes Inserted: 79
Frag Nodes Deleted: 79
===============================================================================
Stream5 statistics:
Total sessions: 1628891
TCP sessions: 1345654
UDP sessions: 283237
ICMP sessions: 0
TCP Prunes: 0
UDP Prunes: 0
ICMP Prunes: 0
TCP StreamTrackers Created: 1359004
TCP StreamTrackers Deleted: 1359004
TCP Timeouts: 1196
TCP Overlaps: 235910
TCP Segments Queued: 2186861
TCP Segments Released: 2186861
TCP Rebuilt Packets: 492515
TCP Segments Used: 703168
TCP Discards: 35617053
UDP Sessions Created: 327597
UDP Sessions Deleted: 327597
UDP Timeouts: 44360
UDP Discards: 0
Events: 0
===============================================================================
HTTP Inspect - encodings (Note: stream-reassembled packets included):
POST methods: 14653
GET methods: 106636
Post parameters extracted: 5944
Unicode: 0
Double unicode: 0
Non-ASCII representable: 34925
Base 36: 0
Directory traversals: 1
Extra slashes ("//"): 9926
Self-referencing paths ("./"): 1
Total packets processed: 35374294
===============================================================================
Snort exiting
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Martin Roesch (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- <Possible follow-ups>
- Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 12)