This is a discussion on Re: [Snort-users] Perfmonitor / BPF Question within the Snort forums, part of the System Security and Security Related category.
Hi Rob,

BPF is a prefilter for Snort; packets that get filtered by BPF aren't seen by the Snort engine at all.

-Marty

On Jan 16, 2008, at 10:03 AM, Rob Sharp wrote:

> I have a sensor deployed with a BPF file to filter out our network
> vulnerability scanners to keep the noise down. I notice when the
> scanner makes a sweep that the dropped packets increase quite a bit.
>
> My question is does the perfmonitor count packets dropped by the BPF
> in the stats it tracks? That would explain the jumps in packet loss.
>
> --
> Robert Sharp
> robertsharp@gmail.com

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org