Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] packet loss

from [Matt Kettler] Network Security [Permanent Link]
Subject: Re: [Snort-users] packet loss
Date: Tue, 28 Sep 2004 13:34:56 -0400
At 10:13 AM 9/28/2004, Larry Wichman wrote:
In the course of my testing of Snort I have averaged about 40% packet loss. I am running Snort on Fedora. The segment I am monitoring is 100 mb and is very busy. Does anyone have any recommendations for tuning Snort to not drop so many packets? Is there any recommendations for hardware? The CPU is running at about 40% and the memory looks fine.


First, I'd make sure your setup is reasonably optimized.

What logging modes are you using? switching to tcpdump or unified packet logging is a HUGE improvement from the default plain text-mode logging.


Then some simple low-cost hardware checks:
Are you digging into your swap partition, or do you have sufficient ram?

What kind of NIC are you using? A Realtek RT8139 is a popular, but very inefficient network controller. Look into something with more efficient DMA alignments (Dec tulip, Intel eepro, etc). The newer gigabit realtek 8169 part is fairly reasonable from what I hear, but I've not tested it.




-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Snort startup problem, Jeff Lanzarotta
Next by Date:  Re: [Snort-users] Tagged Packet, Dirk Geschke
Previous by Thread:  Re: [Snort-users] packet loss, sekure
Next by Thread:  RE: [Snort-users] packet loss, Marc Norton
Indexes:  [Date] [Thread] [Top] [All Lists]