Snort mailing list archives
Re: Average delay per packet observation
From: Steven Sturges via Snort-devel <snort-devel () lists snort org>
Date: Wed, 5 Jul 2017 07:43:20 -0400
Rules are not processed sequentially. Your expectations should depend on the nature of the
individual rules themselves. On 7/4/17 10:16 AM, Navdeep Uniyal wrote:
Hello everyone,I got some interesting results running snort (inline) for experiment with 80, 40, 20, 10 number of rules:All rules are matching all the incoming UDP packets. Below are the average delay per packet I found in the 4 experiments:80 rules: Average delay: 0.000680666813409 seconds 40 rules: Average delay: 2.06440535385e-08 seconds 20 rules: Average delay: 1.6644513569e-08 seconds 10 rules: Average delay: 1.43723338507e-08 secondsThese results are quite confusing as I expect, on decreasing from 80 to 40 rules the average delay should be approximately halved. But I can’t see such behavior here.What could be the possible reason, if someone could explain. Best Regards, *Navdeep* _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Average delay per packet observation Navdeep Uniyal (Jul 04)
- Re: Average delay per packet observation Steven Sturges via Snort-devel (Jul 05)
- Re: Average delay per packet observation Navdeep Uniyal (Jul 07)
- Re: Average delay per packet observation Patrick Mullen (Jul 07)
- Re: Average delay per packet observation Navdeep Uniyal (Jul 07)
- Re: Average delay per packet observation Steven Sturges via Snort-devel (Jul 07)
- Re: Average delay per packet observation Navdeep Uniyal (Jul 07)
- Re: Average delay per packet observation Steven Sturges via Snort-devel (Jul 07)
- Re: Average delay per packet observation Navdeep Uniyal (Jul 10)
- Re: Average delay per packet observation Navdeep Uniyal (Jul 07)
- Re: Average delay per packet observation Joshua Kinard via Snort-devel (Jul 07)
- Re: Average delay per packet observation Steven Sturges via Snort-devel (Jul 05)