Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] Wacky perfmonitor numbers

from [Briggs, Bruce] Network Security [Permanent Link]
Subject: RE: [Snort-users] Wacky perfmonitor numbers
Date: Tue, 24 May 2005 12:49:08 -0400 
I'm impressed.
You managed to drop WAAAAY more than 100% of the packets!!

These stats can not be correct.

Bruce 

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Gary
Richardson
Sent: Tuesday, May 24, 2005 11:52 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Wacky perfmonitor numbers

Hey guys,

I'm currently testing out snort. My test box is a 1GHz P3 with 512MB
of ram. I'm monitoring a 100mbit port. It averages 4.5mb/s but does
peak up to the full 12mb/s.

This is a very untuned box. It's not what I plan on running with in
production, it's just for testing out the web interfaces and getting a
handle on our network needs. I totally expect to get packet lose with
this setup.

That being said, I don't expect perfmonitor to dump out numbers like
this:

Snort Realtime Performance  : Fri May 20 11:04:38 2005
--------------------------
Pkts Recv:   177339
Pkts Drop:   18446744073709550519
% Dropped:   10401966896006828.00%

My perfmonitor directive looks like this:

preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats
pktcnt 10000 console

I'm running snort 2.3.3, built from the src rpm from snort.org. It's a
RHEL4 box.

Also, is there a replacement for perfstats.c?

Thanks.


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=fad-ysdn-ostg-q22005
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit 
http://developer.yahoo.net/?fr_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Wacky perfmonitor numbers, Gary Richardson
Next by Date:  Re: [Snort-users] Wacky perfmonitor numbers, Gary Richardson
Previous by Thread:  Re: [Snort-users] Wacky perfmonitor numbers, Gary Richardson
Next by Thread:  Re: [Snort-users] Wacky perfmonitor numbers, Gary Richardson
Indexes:  [Date] [Thread] [Top] [All Lists]