RE: SNORT DROPPING PACKETS

["Crow, Owen" <Owen_Crow () bmc com>]

> -----Original Message-----
> From: Phil Wood [mailto:cpw () lanl gov]
> Sent: Wednesday, January 02, 2002 6:35 PM

[snip]

> Well, if /usr/include/linux/if_packet.h has PACKET_STATISTICS and you
> have chosen the correct options when building the kernel, you 
> might get
> the attached patch to work.
>
> Let me know how it goes.

I removed the daily version of libpcap and removed the compile directory so
snort would not use it.

I unpacked a fresh copy of libpcap-0.6.2 and applied your patch with "patch
-p1 < libpcap-0.6.2-patch".  Configured, compiled and installed.

Then I went to my snort-1.8.3 directory, "make distclean", "./configure",
"make", "make install" and reran as before.

It still resets the stats at every SIGUSR1, but I can live with that.  Maybe
this should go in the FAQ (along with an entry telling everyone about
SIGUSR1 in the first place).

I'm going to hook up both sensors side-by-side on a hub and see how they
compare.  Results to follow under a new subject.

Thanks again for all your help,
Owen

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users