Snort mailing list archives
Re: pfring and traffic splitting
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 6 Nov 2012 10:00:11 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all On 05/11/2012 18:14, Greg Williams wrote:
I have been running Snort 2.9.2 for quite a while. I decided to look at the stats and it was dropping around 50% of the packets ~170Mbps. I decided to install PFRING and update Snort.. My problem is that pfring doesn't look like it's splitting any traffic. Any ideas?
I'm quite surprised you're dropping 50% at only 170Mbps - have you tried using the AF_PACKET DAQ and a buffer of 512Mb-1Gb? I'm running PF_RING quite happily but on systems with < 200Mbps have not felt the need. config daq_dir: /usr/local/lib/daq config daq_mode: passive config daq: afpacket config daq_var: buffer_size_mb=1024 - -- Peter Bates Senior Information Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBAgAGBQJQmN+rAAoJELhVoVpEMS6R9kEH/jRDsO2bBehPBqr8KprDIcdC 3yberT5V1AXZ9fw1CCr0NwDkCsBpRTvr0mKTt7PMwwofvlUAmykaVPs6K+2tvyXh vLYHGzizGjb/nzhCUIKafowa6n9ntrw5gcMu4eZJVvwc6cf/pGHc4MQchvrcT3v8 SmfkFIuz6oFdS/KGGuKDRu5f7j1a/BdCb1kHC7P9sgCQmbenL0gmalzW833RbpGD psUANK5+m1vtRcgsk7jWx0gW82PN/lHHM7ImZKzkEEJy3JANJx9TuqTIp+4OAwIw 4C9moEVAAg0TaSSuVByJhPK0xlzhE0JzrcYysmm1OqC83r3yFCTf8hjDrXdHc60= =YOMg -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- pfring and traffic splitting Greg Williams (Nov 05)
- Re: pfring and traffic splitting Jack (Nov 05)
- Re: pfring and traffic splitting Greg Williams (Nov 05)
- Re: pfring and traffic splitting Peter Bates (Nov 06)
- Re: pfring and traffic splitting Greg Williams (Nov 06)
- Re: pfring and traffic splitting Jefferson, Shawn (Nov 06)
- Re: pfring and traffic splitting Joel Esler (Nov 06)
- Re: pfring and traffic splitting beenph (Nov 06)
- Re: pfring and traffic splitting Greg Williams (Nov 07)
- Re: pfring and traffic splitting Joel Esler (Nov 07)
- Re: pfring and traffic splitting Greg Williams (Nov 07)
- Re: pfring and traffic splitting Greg Williams (Nov 07)
- Re: pfring and traffic splitting waldo kitty (Nov 07)
- Re: pfring and traffic splitting Joel Esler (Nov 08)
- Re: pfring and traffic splitting Greg Williams (Nov 05)
- Re: pfring and traffic splitting Jack (Nov 05)