RE: [Snort-users] 2.1.3rc1 Performance RESULTS
This is a discussion on RE: [Snort-users] 2.1.3rc1 Performance RESULTS within the Snort forums, part of the System Security and Security Related category; Hi Gary, thanks for the fine results. I already suspected some errors in the old libpcap statistics since so many ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-22-2004
|
|||
|
|||
RE: [Snort-users] 2.1.3rc1 Performance RESULTS
Hi Gary,
thanks for the fine results. I already suspected some errors in the old libpcap statistics since so many people were reporting of high traffic sniffing without packet loss... > Can someone from sourcefire/snort team comment on how the performance > statistics (both perfmon processor and after receiving a USR1 signal) are > created? How reliable are they? Do they report just what they receive > from libpcap, or would they report as "dropped" packets that they received > from libpcap, but couldn't process for whatever reason. No, snort only reports the statistics of libpcap, snort never drops packets by itself. Depending on the load and rules which have to been tested it can happen that snort takes for some packets longer to analyze than for others. Especially if many rules have to been checked and no rule matches... Best regards Dirk ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
