Hi,<br><br>I just tested suricata inline mode without pf_ring feature. <br>My NIC is intel 1Gbps NIC. <br>I used netperf TCP_MAERTS as my benchmark. <br>When I removed all rules, I supposed suricata should run up to 941 Mbps which was what I observed in snort. <br>
However, I could only see around 700 Mbps. And with the default rule set which I downloaded from <a href="http://emergingthreats.net">emergingthreats.net</a>, the throughput became 4xx Mbps. The strange thing was all CPUs were not saturated. (intel core i7).Thus, I supposed the cpus were not the bottleneck. But why it couldn't saturate the bandwidth?<br>
Any idea?<br>Thanks. <br><br>Tommy<br>