Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode

From: carlopmart <carlopmart () gmail com>
Date: Tue, 05 Apr 2011 21:58:08 +0200
On 04/05/2011 09:13 PM, Russ Combs wrote:



On Tue, Apr 5, 2011 at 3:05 PM, carlopmart <carlopmart () gmail com
<mailto:carlopmart () gmail com>> wrote:

    On 04/05/2011 08:32 PM, Russ Combs wrote:
     > You could try commenting out the normalize_* to see if it is doing
     > anything your traffic doesn't tolerate very well.
     >

    Perfect!! .. But why?? I don't understand because normalize_* configs
    are supposed to work inline mode, no?


You mean disabling normalize_* brought your throughput up to what you
expected?


Correct.


 You could try disabling just one at a time to narrow it down.


Ok, problems appears when "preprocessor normalize_tcp: ips ecn stream" 
is enabled.

All works ok if I disabled this option and activating "normalize_ip4" 
and "normalize_icmp4" ...


-- 
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: