Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] QUESTION: use Snort to benchmark silicon

from [Matthew Watchinski] Network Security [Permanent Link]
Subject: Re: [Snort-users] QUESTION: use Snort to benchmark silicon
Date: Fri, 13 Jul 2007 10:38:09 -0400 
There isn't really a De-facto way.  You can, however, utilize devices
like SmartBits and Avalanche from Spirent, or the new BreakingPoint
Systems devices to develop consistent performance test beds.

http://www.bpointsys.com/
http://www.spirent.com/

This however, may not do what you want under most conditions.  These
devices are designed to test IPS/IDS systems and how they handle
traffic, they really aren't designed to test hardware performance.

It is possible, however, to utilize these devices to do comparisons
between hardware platforms.  You just need to be very careful about what
software and configuration differences you have between each platform
and account for those differences in your testing.

There is also RFC 2544 - Benchmarking Methodology for Network
Interconnect Devices.  That might be of some use to you.

Cheers,
-matt

Chu Chen-Chau-ra9643 wrote:

Dear Folks:

I am a newbie for Snort and appreciate every bit of help.

I wonder if there is some sort of de facto or established way of
using Snort to benchmark the underlying devices (chips, systems, etc.)
using a fixed source (say, pcap file for playback ?) or certain
composition of packet streams to be pumped by network testers ?

My concern is about how different processors/chips/platforms can execute
Snort in a tightly controlled environment for silicon benchmarking.

It is NOT about:

   (1) to judge if another security appliance or software 
   is better or worse than Snort in terms of catching offenses
   or how robust they are.

   (2) How Snort itself has improved over time and runs faster
   now.

If you are interested in what I am trying to do, please 
let me know what concerns you have in carrying out such a
benchmark comparison.

Thanks for your help.

Chu

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] [Snort-users] Snort rule to detect Windows PE Executable Downloads, Will Metcalf
Next by Date:  [Snort-users] Threshold-Local None snort-2.7, Jeffrey Denton
Previous by Thread:  [Snort-users] QUESTION: use Snort to benchmark silicon, Chu Chen-Chau-ra9643
Next by Thread:  [Snort-users] Threshold-Local None snort-2.7, Jeffrey Denton
Indexes:  [Date] [Thread] [Top] [All Lists]