[Snort-users] Perfmonitor / BPF Question

This is a discussion on [Snort-users] Perfmonitor / BPF Question within the Snort forums, part of the System Security and Security Related category; --===============0152664763== Content-Type: multipart/alternative; boundary="----=_Part_1154_4216886.1200495838256" ------=_Part_1154_4216886.1200495838256 Content-Type: text/plain; charset=ISO-8859-1 ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page [Snort-users] Perfmonitor / BPF Question

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-16-2008
Rob Sharp
 
Posts: n/a
Default [Snort-users] Perfmonitor / BPF Question
--===============0152664763==
Content-Type: multipart/alternative;
boundary="----=_Part_1154_4216886.1200495838256"

------=_Part_1154_4216886.1200495838256
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I have a sensor deployed with a BPF file to filter out our network
vulnerability scanners to keep the noise down. I notice when the scanner
makes a sweep that the dropped packets increase quite a bit.

My question is does the perfmonitor count packets dropped by the BPF in the
stats it tracks? That would explain the jumps in packet loss.

--
Robert Sharp
robertsharp@gmail.com

------=_Part_1154_4216886.1200495838256
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I have a sensor deployed with a BPF file to filter out our network vulnerability scanners to keep the noise down.&nbsp; I notice when the scanner makes&nbsp; a sweep that the dropped packets increase quite a bit.&nbsp; <br><br>My question is does the perfmonitor count packets dropped by the BPF in the stats it tracks?&nbsp; That would explain the jumps in packet loss.
<br clear="all"><br>-- <br>Robert Sharp<br><a href="mailto:robertsharp@gmail.com">robertsharp@gm ail.com</a>

------=_Part_1154_4216886.1200495838256--


--===============0152664763==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
--===============0152664763==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============0152664763==--

Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 01:21 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0