Re: Snort inline extremely slow packet forwarding

[Michael Altizer <xiche () verizon net>]

On 07/15/2011 02:41 PM, Hussein Bahaidarah wrote:
> Thanks Rmkml for help,
>
> I found a work around and I don't understand how and why it did work.
> First, let me explain my configuration:
> eth2 and eth3 are bridged and snort IP should run on them
> eth1 is not used
>
> when I use:  "snort    -N -K none -k notcp -c rules/inline -A console   --daq afpacket -i eth3:eth2   -Q"  the 
> slowness problem appear
>
> my work around is to use " snort    -N -K none -k notcp -c rules/inline -A console   --daq afpacket -i eth3:eth1   -Q 
> ". This works fine though eth1 is not used!!
A couple questions:

What do you mean by "eth2 and eth3 are bridged"?  You're not putting 
them into a Linux bridge (with brctl), right?

Why is eth1 not being used in the second scenario?

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on "Lean Startup 
Secrets Revealed." This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation