[Oisf-users] Inconsistent packet dropped behaviour with the same config on several nodes
Peter Manev
petermanev at gmail.com
Wed Sep 12 14:16:18 UTC 2018
On Wed, Sep 12, 2018 at 10:57 AM Magmi A <magmi.sec at gmail.com> wrote:
>
>
>> > * Node1 receives ~ 500Mbps of traffic (it's 1Gbps interface), and gets in average 1-2% kernel packet dropped
>> > while
>> > * Node2 receives ~ 500kbps of traffic and gets in average 10% kernel packet dropped
>>
>> What is different between node 1 and node 2 ? (same config/same
>> suricata/same HW/same rules...?)]
>
>
> The nodes have the same HW, run the same config/ suricata version, have the same set of rules.
>
> The only difference is that they are exposed to different sources of traffic.
> From Wireshark analysis the protocol hierarchies for both cases seem similar - there is no spectacular difference.
>
> So really the only difference is the captured traffic itself (MACs, IPs, partly protocols, data etc).
>
> That is why we have such a problem how to approach the problem and troubleshoot it.
Can you share full update of the latest stats.log ?
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list