Re: Snort IPS - slow file transfer problem

[wkitty42 () windstream net]

On 06/15/2016 07:59 AM, Anton Bezkrovny wrote:
> Hello!
>
> I have faced a problem of low speed of files copying during Snort realization in
> the IPS mode.
>
> The file is copied from one computer to another, communication between them is
> provided through Snort bridge.

what are the specs of the snort bridge? CPU, RAM, NICs being the most 
important... what we're looking for is a bottleneck... maybe the CPU is in high 
usage during the file transfer or possibly you have a lot of swap being used... 
consumer-grade NICs generally rely on the CPU to do the heavy lifting of data 
moving whereas server-grade NICs do that heavy lifting on their own which leads 
to faster processing...

assuming your snort bridge is a *nix box, what does your resource consumption 
look like?

   free -m; echo; top -n 1 -b | head -n 5


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!