[Oisf-users] Causes for Dropped Packets
Peter Manev
petermanev at gmail.com
Tue Jan 31 14:04:14 UTC 2017
On Sun, Jan 29, 2017 at 4:06 PM, Charles DeVoe <scarecrow_57 at yahoo.com> wrote:
> I have several sensors monitoring large bandwidth pipes (1G < bandwidth <
> 10G), These sensors have in excess of 40 cores 64 GB of memory. Monitoring
> activity with htop I see that the processors are hardly working and memory
> is less than 50% used. Yet I still see capture.kernel_drops. I am
> wondering what exactly are the reasons that I get these. I have looked at
> the paper written by Michal Purzynski and Peter Manev "Suricata Extreme
> Performance Tuning" (Great paper guys, Thanks) and see in the end they
> still have 0.00137% drops, what are causing those???
Besides the points in the section "Packet Drops" that can contribute
to drops - there could be retransmissions/reassembly gaps/ssn,segment
and dns global or state memcap hits etc... contributing to the loss.
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list