Snort mailing list archives
Re: Dropped: 236694431 (64.559%) 64% packet loss
From: Pedro Marinho <pppmarinho () gmail com>
Date: Fri, 12 Jun 2009 16:22:40 -0300
ok thanks Joel,

My output method is alert_unified.

output alert_unified: filename snort.alert, limit 128

2009/6/12 Joel Esler <jesler () sourcefire com>

> On Fri, Jun 12, 2009 at 2:44 PM, Pedro Marinho <pppmarinho () gmail com> wrote:
>
> > Hello Gentlemen,
> >
> > I am having some Dropped packet problems here with snort. I already did
> > change the search method to lowmem but I am still losing packets.
> >
> > I did run snort for about 4405.825615 seconds and the traffic here is
> > about 210976.40 kbits/sec.
> >
> > Is 4405.825615 seconds a short time to run snort? Is there something
> > I've got to do in snort.conf to solve this matter?
>
> Possibly, what is your output method? That's probably a good starting
> point for us to ask.
>
> joel
>
> > I am watching traffic at eth2, it is a
> >
> > 06:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express (rev 21)
> >         Subsystem: Dell Unknown device 023c
> >         Flags: bus master, fast devsel, latency 0, IRQ 218
> >         Memory at dfef0000 (64-bit, non-prefetchable) [size=64K]
> >         Capabilities: [48] Power Management version 2
> >         Capabilities: [50] Vital Product Data
> >         Capabilities: [58] Message Signalled Interrupts: Mask- 64bit+ Queue=0/3 Enable+
> >         Capabilities: [d0] Express Endpoint IRQ 0
> >         Capabilities: [100] Advanced Error Reporting
> >         Capabilities: [13c] Virtual Channel
> >         Capabilities: [160] Device Serial Number d0
> >         Capabilities: [16c] Power Budgeting
> >
> > //-----------------------------------------------------------------------------------------------------------
> >
> >         --== Initialization Complete ==--
> >
> >    ,,_     -*> Snort! <*-
> >   o"  )~   Version 2.8.0.1 (Build 72)
> >    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
> >            (C) Copyright 1998-2007 Sourcefire Inc., et al.
> >            Using PCRE version: 7.2 2007-06-19
> >
> >            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.6  <Build 11>
> >            Preprocessor Object: SF_SMTP  Version 1.0  <Build 7>
> >            Preprocessor Object: SF_SSH  Version 1.0  <Build 1>
> >            Preprocessor Object: SF_FTPTELNET  Version 1.0  <Build 10>
> >            Preprocessor Object: SF_DCERPC  Version 1.0  <Build 4>
> >            Preprocessor Object: SF_DNS  Version 1.0  <Build 2>
> > Not Using PCAP_FRAMES
> > *** Caught Int-Signal
> > Run time prior to being shutdown was 4405.825615 seconds
> > ===============================================================================
> > Packet Wire Totals:
> >    Received:    366635284
> >    Analyzed:    129940618 (35.441%)
> >     Dropped:    236694431 (64.559%)
> > Outstanding:          235 (0.000%)
> > ===============================================================================
> > Breakdown by protocol (includes rebuilt packets):
> >       ETH: 130192920  (100.000%)
> >   ETHdisc: 0          (0.000%)
> >      VLAN: 0          (0.000%)
> >      IPV6: 0          (0.000%)
> >   IP6 EXT: 0          (0.000%)
> >   IP6opts: 0          (0.000%)
> >   IP6disc: 0          (0.000%)
> >       IP4: 130114384  (99.940%)
> >   IP4disc: 7          (0.000%)
> >     TCP 6: 0          (0.000%)
> >     UDP 6: 0          (0.000%)
> >     ICMP6: 0          (0.000%)
> >   ICMP-IP: 0          (0.000%)
> >       TCP: 52209130   (40.101%)
> >       UDP: 77359186   (59.419%)
> >      ICMP: 290867     (0.223%)
> >   TCPdisc: 0          (0.000%)
> >   UDPdisc: 0          (0.000%)
> >   ICMPdis: 0          (0.000%)
> >      FRAG: 82         (0.000%)
> >    FRAG 6: 0          (0.000%)
> >       ARP: 10851      (0.008%)
> >     EAPOL: 0          (0.000%)
> >   ETHLOOP: 610        (0.000%)
> >       IPX: 0          (0.000%)
> >     OTHER: 69983      (0.054%)
> >   DISCARD: 7          (0.000%)
> > InvChkSum: 30         (0.000%)
> >   Upconvt: 0          (0.000%)
> >   Up fail: 0          (0.000%)
> >    S5 G 1: 0          (0.000%)
> >    S5 G 2: 252286     (0.194%)
> >     Total: 130192920
> > ===============================================================================
> > Action Stats:
> > ALERTS: 23
> > LOGGED: 23
> > PASSED: 0
> > ===============================================================================
> > Frag3 statistics:
> >         Total Fragments: 82
> >       Frags Reassembled: 16
> >                Discards: 6
> >           Memory Faults: 0
> >                Timeouts: 0
> >                Overlaps: 0
> >               Anomalies: 0
> >                  Alerts: 0
> >      FragTrackers Added: 63
> >     FragTrackers Dumped: 63
> > FragTrackers Auto Freed: 0
> >     Frag Nodes Inserted: 79
> >      Frag Nodes Deleted: 79
> > ===============================================================================
> > Stream5 statistics:
> >             Total sessions: 1628891
> >               TCP sessions: 1345654
> >               UDP sessions: 283237
> >              ICMP sessions: 0
> >                 TCP Prunes: 0
> >                 UDP Prunes: 0
> >                ICMP Prunes: 0
> > TCP StreamTrackers Created: 1359004
> > TCP StreamTrackers Deleted: 1359004
> >               TCP Timeouts: 1196
> >               TCP Overlaps: 235910
> >        TCP Segments Queued: 2186861
> >      TCP Segments Released: 2186861
> >        TCP Rebuilt Packets: 492515
> >          TCP Segments Used: 703168
> >               TCP Discards: 35617053
> >       UDP Sessions Created: 327597
> >       UDP Sessions Deleted: 327597
> >               UDP Timeouts: 44360
> >               UDP Discards: 0
> >                     Events: 0
> > ===============================================================================
> > HTTP Inspect - encodings (Note: stream-reassembled packets included):
> >     POST methods:                   14653
> >     GET methods:                    106636
> >     Post parameters extracted:      5944
> >     Unicode:                        0
> >     Double unicode:                 0
> >     Non-ASCII representable:        34925
> >     Base 36:                        0
> >     Directory traversals:           1
> >     Extra slashes ("//"):           9926
> >     Self-referencing paths ("./"):  1
> >     Total packets processed:        35374294
> > ===============================================================================
> > Snort exiting
> >
> > ------------------------------------------------------------------------------
> > Crystal Reports - New Free Runtime and 30 Day Trial
> > Check out the new simplified licensing option that enables unlimited
> > royalty-free distribution of the report engine for externally facing
> > server and web deployment.
> > http://p.sf.net/sfu/businessobjects
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> --
> joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974
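Added example (not part of the original thread): a small Python parser for the "Packet Wire Totals" block quoted in the message above, which checks that the counters add up and derives the drop percentage and packet rates from the reported run time. The function names, the `blind` flag and the 1% `max_drop_pct` threshold are assumptions chosen for illustration.

```python
import re

# Excerpt of the Snort 2.8 shutdown statistics quoted in the message above.
SAMPLE = """\
Run time prior to being shutdown was 4405.825615 seconds
Packet Wire Totals:
   Received:    366635284
   Analyzed:    129940618 (35.441%)
    Dropped:    236694431 (64.559%)
Outstanding:          235 (0.000%)
"""

COUNTER = re.compile(r"^\s*(Received|Analyzed|Dropped|Outstanding):\s+(\d+)", re.M)
RUNTIME = re.compile(r"Run time prior to being shutdown was ([\d.]+) seconds")


def parse_wire_totals(text):
    """Return the wire counters and run time found in Snort exit output."""
    stats = {name.lower(): int(value) for name, value in COUNTER.findall(text)}
    missing = {"received", "analyzed", "dropped"} - stats.keys()
    if missing:
        raise ValueError(f"missing counters: {sorted(missing)}")
    stats.setdefault("outstanding", 0)
    m = RUNTIME.search(text)
    stats["runtime_s"] = float(m.group(1)) if m else None
    return stats


def assess(stats, max_drop_pct=1.0):
    """Derive drop percentage and packet rates; flag runs above max_drop_pct."""
    rx = stats["received"]
    report = {
        "drop_pct": round(100.0 * stats["dropped"] / rx, 3) if rx else 0.0,
        # The counters should sum to Received; a mismatch means truncated output.
        "consistent": rx == stats["analyzed"] + stats["dropped"] + stats["outstanding"],
    }
    if stats["runtime_s"]:
        report["offered_pps"] = rx / stats["runtime_s"]
        report["analyzed_pps"] = stats["analyzed"] / stats["runtime_s"]
    # Hypothetical flag: the sensor never inspected this share of the traffic.
    report["blind"] = report["drop_pct"] > max_drop_pct
    return report


if __name__ == "__main__":
    print(assess(parse_wire_totals(SAMPLE)))
```

Run against a saved copy of the shutdown output after each tuning change to compare the offered packet rate with the rate Snort actually analyzed.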
Current thread:
- Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Martin Roesch (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- <Possible follow-ups>
- Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 17)