[Discussion] Suricata performance over pcap

• Next message (by thread): [Discussion] Suricata performance over pcap
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,
I'm Sangwoo Moon from Korea.

I'm trying to measure the performance of Suricata.
I have 10G network environment, highly optimized 10Gbps TCP/UDP packet 
generator.
My IDS machine has 12-core CPU.

I measured the performance of Suricata over pcap with no rule files, and 
I received up to 2Gbps of pure receiving performance.
However, I also ran Snort over pcap in same machine, it shows almost 
10Gbps performance.

This is what I got in console.
[22494] 14/1/2011 -- 22:23:35 - (source-pcap.c:437) <Info> 
(ReceivePcapThreadExitStats) -- (ReceivePcap) Pcap Total:17667565 
Recv:9450855 Drop:8216710 (46.5%).

I think that it says there is about 50% drop rate in pcap layer. I 
wonder Suricata affects pcap layer whereas Snort doesn't.
Can anybody give me some advice?

Thanks.

Regards,
Sangwoo Moon

-- 
-Sangwoo

• Next message (by thread): [Discussion] Suricata performance over pcap
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]