Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Good Gbit card for Snorting?

From: "Abe L. Getchell" <abegetchell () home com>
Date: Sun, 11 Nov 2001 18:52:01 -0500
Hi Jason,

PIII 1.0Ghz, 512MB RAM, Ultra160 disk subsystem and disks, IBM
integrated 10/100 controller for OOB management NIC, and now probably an
Intel Gbit NIC for the sniffing interface.  Much the same config as
Tim's sensor.  Check out the IBM x220's.  I've found they make great
Snort sensors for a decent price... And no, I do not work for, or am
affiliated with, IBM or any of their subsidiaries. =)

While not having been able to test snort running at Gbit speeds on our
production network yet, I can say this config handles a saturated
100Mbit link with an Intel 10/100 sniffing interface quite nicely.  The
processor on the box was pretty well maxed out running with a default
set of snort rules, but when tuned for our environment, dropped
utilization dramatically.  Hopefully I'll be able to report the same
when dropping the box onto a Gbit segment here in the near future.

Thanks,
Abe

--
Abe L. Getchell
Security Engineer
abegetchell () home com



-----Original Message-----
From: Jason Lewis [mailto:jlewis () packetnexus com] 
Sent: Sunday, November 11, 2001 5:08 PM
To: 'Tim Sailer'; 'Abe L. Getchell'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Good Gbit card for Snorting?


Could you share what the specs are on the box you are using?  
Maybe average traffic and load on the box?

I am looking at building a couple of gig sensors and it would 
be nice to hear what others are doing.  Thanks much.

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.




-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of 
Tim Sailer
Sent: Sunday, November 11, 2001 4:32 PM
To: Abe L. Getchell
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Good Gbit card for Snorting?


On Sun, Nov 11, 2001 at 03:50:18PM -0500, Abe L. Getchell wrote:

Greetings!

Has anyone run into a particular Gbit card which has worked 

well for 

them under Linux for Snorting?  I've searched on Google, as well as 
other resources, and can't really come up with anything 

except people 

sharing their bad experiences doing so. =)  I tend to lean towards 
Intel, as I've had good experiences in the past with their 10/100 
cards, but I thought I'd check with ya'll to see what the 

collective 

community opinion was.


We've been using the Intel in production for about 3-4 weeks 
now with no problems at all.

Tim

--
Tim Sailer <sailer () bnl gov>
Manager, Cyber Security Operations
Brookhaven National Laboratory  (631) 344-3001

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/s> nort-users

Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: