argus and snort ?

Carter Bullard carter at qosient.com
Mon Sep 11 07:41:55 EDT 2000


Hey Russell,
  The drop stats are generated by libpcap, so if there are
problems, especially in the libpcap, the report could be
unreliable.

   How are you determining that there is a problem?

Carter

-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Russell Fulton
Sent: Monday, September 11, 2000 1:28 AM
To: argus
Subject: argus and snort ?


Hi All,
I have just noticed that one of my argus recorders seems to be
missing packets; the irony is that the one losing data is a 500MHz
machine and the other is 166MHz.

When I kill the suspect argus process it reports:

263828758 packets recv'd by filter
0 packets dropped by kernel

I have recently started running snort on the same machine (a FreeBSD 
4.1 box) and I am wondering if there is some interaction that means 
that argus is not getting some of the packets.

Any ideas?

Cheers, Russell.


