[Oisf-users] Percentage of dropped packets

Tue May 29 15:44:15 UTC 2012

Is there something else I need to do - or is there some way the
ethtool settings work with the settings in the suricata configuration?

>> tcp.stream_depth_reached  | AFPacketeth61             | 1 
>> tcp.reassembly_memuse     | AFPacketeth61             | 15422350
>>  tcp.reassembly_gap        | AFPacketeth61             | 4894
> 
> This is an indicator for packet loss. It indicates missing packets
> in TCP streams. It is possible that it's caused by the invalid
> checksums above as well though.

Running the script Chris provided (a wrapper round ethtool -S):

2012-05-29 16:40:26 - Pkts: 262913600, Lost: 0, 0/10 %, Pkts/s:
317592, Mb/s: 1875, Lost/s: 0, FSize 773
2012-05-29 16:40:36 - Pkts: 266014130, Lost: 0, 0/10 %, Pkts/s:
310053, Mb/s: -1469, Lost/s: 0, FSize -621
2012-05-29 16:40:46 - Pkts: 269054018, Lost: 0, 0/10 %, Pkts/s:
303988, Mb/s: 1780, Lost/s: 0, FSize 767

I don't entirely understand the negative values I'm getting here.

And using his wrapper around the Suricata stats.log:

Date: 1/13/2012 -- 15:10:51 (uptime: 0d, 00h 01m 16s) : 7 secs, 37533
pkts/s, 163 Mb/s, 2534 gaps, 21 gaps/s    262732
Date: 1/13/2012 -- 15:10:57 (uptime: 0d, 00h 01m 22s) : 6 secs, 45241
pkts/s, 215 Mb/s, 2735 gaps, 33 gaps/s    271449

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPxO7PAAoJELhVoVpEMS6RlFkH/1Fp2jmtAEB98XdOIJk0SC+c
sxPJjBEYB+f4jHjx/VklxoUVmhpEtgFWD0qBvvoUNAcFBLC9wJpktApMjeEYq4Ex
eD/+w+H8em/lCb85JYppP0FSJxScEZziwJLW7OPrVTfeRadoUrcfaNj1Z9oluuEo
eqGV7JZNhRszQPDr4MQBhNMTqzNnfzHI6N/N55aMoQvYSgwzIyc9AmoprV5I6OcV
+eNm5B42JjssCAuyT9dSDmpNvma2ZlS1EBcT/o7mEuIEGjKRGQyBQTvUV7AFGT3m
iOi72t+5E9qxb8v5l0fVqhewyFjKv1OFLu4WBfGJk0/5R2qMKYNtsQlAGEh3WqQ=
=gBn3
-----END PGP SIGNATURE-----