[Snort-users] statistics, dropped packets, and counters

Hi all,

I am trying to gather accurate information regarding packet lost when I
use snort.

The point is when I send kill -USR1 signal to snort, trying to gather
some statistics, the dropped packets shown here are related to snort
itself, or to libpcap losts (called from snort)? Is this value reliable?

For example, ntop shows information regarding dropped packets due to
ntop application itself, and dropped packets from libpcap. In some
scenario, I am using pf_ring socket with ntop, and from
/proc/net/pf_ring, I can read libpcap or pf_ring dropping statistics
which fit exactly with those showed by ntop web interface. Does anyone
know from where I can read libpcap dropped statistics in a raw matter
similar to /proc/net/pf_ring ones when using snort and common libpcap?
ie, does libpcap log down any kind of basic or raw statistics? Are they
reliable?

And last question, what about the statistics from this commands:

ip -stats link
cat /proc/net/dev

Are the dropped packets gather from here related in any matter to
dropped packets shown in snort statistics?

Any help will be much appreciate.

Thanks in advance

Jorge

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users