Hi, We are using Snort on Linux in the binary packet capture mode (capture and log in tcpdump format). We find packet drops even at 5 Mbps bandwidth which we feel is very low for the hardware we are using. We would be grateful if you can provide any suggestions on the issue. Hardware used: HP Proliant DL 140 G2. Dual processor, processor speed 2.8 GHz with 512MB RAM and 72 GB SATA HDD, Gigabit network card. Operating system: Red Hat Enterprise Linux ES Version 3. Snort version: Snort 2.3.0 The OS is a default installation. We are not running any software other than snort on the system. Observations: We find that the drop is related to HDD writes. If there are no hard disk writes, then there is no drop even at 80 Mbps. We tested this by using a rule in snort which rarely matches, so that snort hardly logs any packets. We also found that the drop increases when the I/O is high, irrespective of whether it is being done by the same process (snort) or a totally unrelated one. We created a high I/O scenario by doing copy of a huge file (3GB) periodically while snort is running. Even this triggered packet drops. So, to summarize, we see packet drops in sniffing whenever there is disk I/O happening. We do not suspect the HDD of the machine, as we were able to simulate the problem in two other totally different systems also. Regards, Sonali -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
