On Mon, Nov 27, 2006 at 07:57:04AM -0700, Bamm Visscher wrote:
>
> Do try a newer version, there are known statisic issues with Linux and
> older versions of libpcap.
>
> Bammkkkk
Thanks.
Building libpcap 0.9.5 and linking against snort did the trick:
*** Caught Usr-Signal
Snort ran for 0 Days 5 Hours 21 Minutes 46 Seconds
Packet analysis time averages:
Snort Analyzed 3520 Packets Per Hour
Snort Analyzed 54 Packets Per Minute
Snort Analyzed 0 Packets Per Second
Snort received 17604 packets
Analyzed: 17603(99.994%)
Dropped: 0(0.000%)
Outstanding: 1(0.006%)
===============================================================================
Breakdown by protocol:
TCP: 13131 (74.595%)
UDP: 573 (3.255%)
ICMP: 84 (0.477%)
ARP: 3815 (21.672%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 31
LOGGED: 31
PASSED: 0
===============================================================================
TCP Stream Reassembly Stats:
TCP Packets Used: 13131 (74.595%)
Stream Trackers: 575
Stream flushes: 22
Segments used: 41
Segments Queued: 42
Stream4 Memory Faults: 0
===============================================================================
Many thanks,
Andreas.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|