Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Dropped: 236694431 (64.559%) 64% packet loss

From: Pedro Marinho <pppmarinho () gmail com>
Date: Wed, 17 Jun 2009 12:32:00 -0300
Ok Joel i did it. I did run snort with only the web-iis.rules enabled
look at the results =>

at this speed 121110.80 kbits/sec did look at iptraf so it was instantaneous
info

Initializing Network Interface eth2
OpenPcap() device eth2 network lookup:
        eth2: no IPv4 address assigned
Decoding Ethernet on interface eth2

[ Port Based Pattern Matching Memory ]
+-[AC-BNFA Search Info Summary]------------------------------
| Instances        : 6
| Patterns         : 173
| Pattern Chars    : 1962
| Num States       : 1459
| Num Match States : 170
| Memory           :   35.98Kbytes
|   Patterns       :   5.29K
|   Match Lists    :   7.28K
|   Transitions    :   22.90K
+-------------------------------------------------

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.0.1 (Build 72)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.
           Using PCRE version: 7.2 2007-06-19

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.6  <Build 11>
           Preprocessor Object: SF_SMTP  Version 1.0  <Build 7>
           Preprocessor Object: SF_SSH  Version 1.0  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.0  <Build 10>
           Preprocessor Object: SF_DCERPC  Version 1.0  <Build 4>
           Preprocessor Object: SF_DNS  Version 1.0  <Build 2>
Not Using PCAP_FRAMES
*** Caught Int-Signal
Run time prior to being shutdown was 1826.727478 seconds
===============================================================================
Packet Wire Totals:
   Received:    169932050
   Analyzed:    166421746 (97.934%)
    Dropped:      3510142 (2.066%)
Outstanding:          162 (0.000%)
===============================================================================




2009/6/16 Joel Esler <jesler () sourcefire com>


On Jun 16, 2009, at 9:37 AM, Pedro Marinho wrote:

No sir this is only the current rules file.
i mean this file
http://emergingthreats.net/rules/emerging.rules


Turn turning off all rule categories but one.  Say web-iis.rules or
something, and see how your packet drops from there.

--
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974
[m]



------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: