[Oisf-users] Inconsistent packet dropped behaviour with the same config on several nodes

Magmi A magmi.sec at gmail.com
Wed Sep 12 08:57:03 UTC 2018


> > * Node1 receives ~ 500Mbps of traffic (it's 1Gbps interface), and gets
> in average 1-2% kernel packet dropped
> > while
> > * Node2 receives ~ 500kbps of traffic and gets in average 10% kernel
> packet dropped
>
> What is different between node 1 and node 2 ? (same config/same
> suricata/same HW/same rules...?)
>

The nodes have the same HW, run the same config/ suricata version, have the
same set of rules.

The only difference is that they are exposed to different sources of
traffic.
From Wireshark analysis, the protocol hierarchies for both cases seem
similar - there is no spectacular difference.

So really the only difference is the captured traffic itself (MACs, IPs,
partly protocols, data etc).

That is why we are having such a problem working out how to approach and
troubleshoot it.

Best,
magmi