Snort mailing list archives

Re: snort option [-n packet-count ]


From: ratheesh kannoth <ratheesh.ksz () gmail com>
Date: Fri, 23 May 2014 09:13:10 +0530

On Thu, May 22, 2014 at 7:55 PM, Steve Sturges (ststurge)
<ststurge () cisco com> wrote:

> Yes, one packet at a time.
> Once snort is finished with a packet, it returns from the callback to the daq module and waits for the next packet.

Do SourceFire production systems also use the same design? It looks like
one packet at a time won't give much performance.


> That is up to the daq module... Basically, if inline, that is the id (arbitrary per daq module) of the interface where
> packets are sent out.  If passive, it isn't set.

Could you please explain a little bit more here? Even if we configure
it as inline, the verdict is made for each packet. So we know from where
the packet has come and where it has to go?
I agree that if a packet is put into the DAQ layer using the daq_reinject
routine (by snort), maybe we don't have those (egress and ingress
interface info). I am not very sure about this statement.


-Ratheesh

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
