100% Outstanding - what does that mean?

[Bryan Arenal <b.arenal () gmail com>]

I just set up a new sensor and when checking its performance
statistics, I am seeing a couple of the interfaces with Outstanding at
100%.  Here's the output from one of the interfaces:

Aug  9 06:56:54 spock snort[1536]:
===============================================================================
Aug  9 06:56:54 spock snort[1536]: Packet I/O Totals:
Aug  9 06:56:54 spock snort[1536]:    Received:    202781012
Aug  9 06:56:54 spock snort[1536]:    Analyzed:            0 (  0.000%)
Aug  9 06:56:54 spock snort[1536]:     Dropped:            0 (  0.000%)
Aug  9 06:56:54 spock snort[1536]:    Filtered:            0 (  0.000%)
Aug  9 06:56:54 spock snort[1536]: Outstanding:    202781012 (100.000%)
Aug  9 06:56:54 spock snort[1536]:    Injected:            0
Aug  9 06:56:54 spock snort[1536]:
===============================================================================

What exactly does that mean?  A google search shows a February email
from Matt Watchinski saying, "Outstanding means that packets never got
out of the ethernet card before they got dropped.  IE pcap didn't get
to them before they disappeared."  But the README.counts in the 2.9.0
beta documentation says "Outstanding indicates how many packets are
buffered awaiting processing."  So I suppose I'm a bit confused.  If
they're buffered, pcap has gotten to them, correct?  Can I see why
100% of them are buffered and not processing?

Regards,

Bryan

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users