[Bro] Linux Kernel dropping a lot of packets
rreitz at fnal.gov
Tue Mar 13 12:23:59 PDT 2007
At this point, I remembered Jason Lee's advice to tune the Linux
kernel. He suggested this link
So I did ...
[root@rhyolite bro-1.2.1]# cat /proc/sys/net/core/rmem_default
[root@rhyolite bro-1.2.1]# echo 33554432 > /proc/sys/net/core/
[root@rhyolite bro-1.2.1]# echo 33554432 > /proc/sys/net/core/rmem_max
[root@rhyolite bro-1.2.1]# echo 10000 > /proc/sys/net/core/
[root@rhyolite bro-1.2.1]# /sbin/sysctl net.core.rmem_max
net.core.rmem_max = 33554432
OK, this looks like progress. I tried the same tcpdump as above.
Now I see ...
121 packets captured
149216 packets received by filter
121673 packets dropped by kernel
Before the 'tune', the kernel was dropping 99.8%. After the tune,
it's dropping 81.5%. Not much better. No fair to suggest I drop
Linux for FreeBSD!
Please ignore the previous email with this subject.
The kernel 'tuning' above seems to be working. Bro is now running
and the logs are filling up. Bro is consuming 100% of one CPU.
Computer Security Team