Snort mailing list archives

Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode

From: carlopmart <carlopmart () gmail com>
Date: Tue, 05 Apr 2011 22:25:44 +0200

On 04/05/2011 10:19 PM, Russ Combs wrote:



On Tue, Apr 5, 2011 at 3:58 PM, carlopmart <carlopmart () gmail com
<mailto:carlopmart () gmail com>> wrote:

    On 04/05/2011 09:13 PM, Russ Combs wrote:
     >
     >
     > On Tue, Apr 5, 2011 at 3:05 PM, carlopmart <carlopmart () gmail com
    <mailto:carlopmart () gmail com>
     > <mailto:carlopmart () gmail com <mailto:carlopmart () gmail com>>> wrote:
     >
     >     On 04/05/2011 08:32 PM, Russ Combs wrote:
     > > You could try commenting out the normalize_* to see if it is doing
     > > anything your traffic doesn't tolerate very well.
     > >
     >
     >     Perfect!! .. But why?? I don't understand because normalize_*
    configs
     >     are supposed to work inline mode, no?
     >
     >
     > You mean disabling normalize_* brought your throughput up to what you
     > expected?

    Correct.

     >  You could try disabling just one at a time to narrow it down.

    Ok, problems appears when "preprocessor normalize_tcp: ips ecn stream"
    is enabled.

    All works ok if I disabled this option and activating "normalize_ip4"
    and "normalize_icmp4" ...


Have you tried re-enabling the rules etc with just that disabled?


Yes, I have enabled my group rules and bandwidth is ok now ( I loose 
between 25Kb-85Kb only, but it seems correct). At least, I think ...

What is your opinion??

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
- Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Nigel Houghton (Apr 05)
  - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Nigel Houghton (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Russ Combs (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Russ Combs (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Russ Combs (Apr 05)
    - Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)