[Oisf-users] not really

Cooper F. Nelson cnelson at ucsd.edu
Mon Mar 24 16:44:09 UTC 2014


To be honest, I think that article may be flawed: if you are not
explicitly disabling all offloading on the Intel NIC, then Suricata is
only processing about 4k of each flow (and not recording dropped
packets). But without seeing the configuration of the NIC I can't say
for sure.

Anyway, Peter Manev has an updated guide:

> http://pevma.blogspot.se/2013/12/suricata-and-grand-slam-of-open-source.html

I've also had problems in the past with the Intel NIC getting 'borked'
in some way which caused problems. Usually just reloading the module
fixed this. In more than one case I did have to reboot, so you might
want to try that as a sanity check.

-Coop

On 3/24/2014 8:43 AM, Travel Factory S.r.l. wrote:
> On Mon, 24 Mar 2014 08:01:47 -0700
>  "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
>> Could you try the latest 2.0 release candidate?
> Yes, I will try in the next days, but the article on the 10gb test is dated
> July 30 2012...
> And they could work at a 9.5gb sustained rate!
> Which is the "magic" that made the system store 100+ tests without
> problems in a 2 hour period and then, after stopping and running
> suricata again in a couple of minutes, starting to fail?
> Can it be that I don't get all the packets from the lan box?

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
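
The offloading check discussed in the message above, as an added example that is not part of the original e-mail or of Suricata: it reads `ethtool -k` output and lists the offload features still enabled on a capture interface. The interface name `eth0` and the sample output are constructed for illustration; the feature names are those printed by `ethtool -k`.

```shell
#!/bin/sh
# Given `ethtool -k <iface>` output on stdin, print the short names
# (as accepted by `ethtool -K`) of offload features that are still "on".
enabled_offloads() {
    awk -F': *' '
        BEGIN {
            name["rx-checksumming"] = "rx";  name["tx-checksumming"] = "tx"
            name["scatter-gather"] = "sg"
            name["tcp-segmentation-offload"] = "tso"
            name["generic-segmentation-offload"] = "gso"
            name["generic-receive-offload"] = "gro"
            name["large-receive-offload"] = "lro"
            name["rx-vlan-offload"] = "rxvlan"
            name["tx-vlan-offload"] = "txvlan"
        }
        {
            feat = $1; sub(/^[ \t]+/, "", feat)   # sub-features are indented
            split($2, val, " ")                   # "off [fixed]" -> "off"
            if ((feat in name) && val[1] == "on") print name[feat]
        }'
}

# Build (but do not run) the ethtool command that turns those features off.
# $1 = interface name; `ethtool -k` output is read from stdin.
disable_command() {
    feats=$(enabled_offloads | sed 's/$/ off/' | tr '\n' ' ')
    if [ -n "$feats" ]; then
        printf 'ethtool -K %s %s\n' "$1" "${feats% }"
    fi
}

# Constructed sample of `ethtool -k eth0` output (not from a real host).
sample_ethtool_k() {
    cat <<'EOF'
Features for eth0:
rx-checksumming: on
tx-checksumming: on
    tx-checksum-ipv4: off [fixed]
scatter-gather: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: off [fixed]
EOF
}

sample_ethtool_k | disable_command eth0
```

On a live sensor, feed it real data with `ethtool -k eth0 | disable_command eth0`; an empty result means none of the listed offloads are enabled.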