Linux packet drops 2005-06-21 - By Senthil Prabu.S
Upgrade to 2.3.3; it has vital fixes to portscanners and is so much enhanced. Even this can help you sometimes :-).
I guess the problem may be with libpcap. What version of libpcap are you using? Please use libpcap-0.8.3, because this can also be the main cause of packet loss.
Any older libpcap versions have problems on Linux and also result in packet loss.
-- Senthil Prabu.S
We are using Snort on Linux in the binary packet capture mode (capture and log in tcpdump format). We find packet drops even at 5 Mbps bandwidth which we feel is very low for the hardware we are using. We would be grateful if you can provide any suggestions on the issue.
Hardware used: HP Proliant DL 140 G2. Dual processor, processor speed 2.8 GHz with 512MB RAM and 72 GB SATA HDD, Gigabit network card.
Operating system: Red Hat Enterprise Linux ES Version 3.
Snort version: Snort 2.3.0
The OS is a default installation. We are not running any software other than snort on the system.
Observations: We find that the drop is related to HDD writes.
If there are no hard disk writes, then there is no drop even at 80 Mbps. We tested this by using a rule in snort which rarely matches, so that snort hardly logs any packets.
We also found that the drop increases when the I/O is high, irrespective of whether it is being done by the same process (snort) or a totally unrelated one. We created a high I/O scenario by copying a huge file (3GB) periodically while snort is running. Even this triggered packet drops.
So, to summarize, we see packet drops in sniffing whenever there is disk I/O happening. We do not suspect the HDD of the machine, as we were able to simulate the problem in two other totally different systems also.