[Bro] Packet Drops
hammadog at gmail.com
Thu May 10 06:05:17 PDT 2012
Well that does seem exciting, but at the time we were running around
13mbps and no we are not running pf_ring. Here is a snipet of the log
when we were running close to 100mbps.
#fields ts ts_delta peer gaps acks percent_lost
#types time interval string count count string
1336586727.588158 900.000168 bro 289518 644040 44.953%
1336587627.588220 900.000062 bro 306102 746812 40.988%
On Thu, May 10, 2012 at 8:25 AM, Seth Hall <seth at icir.org> wrote:
> On May 9, 2012, at 8:32 PM, Tom OBrion wrote:
>> #fields ts ts_delta peer gaps acks percent_lost
>> #types time interval string count count string
>> 1336608708.135106 900.000206 bro 996 721708 0.138%
>> 1336609608.135122 900.000016 bro 805 705801 0.114%
> Now that actually looks really nice. Did you say that you are running PF_Ring? I trust the data from the NIC even less when using any of the various things that bypass the normal OS data flow (but I'm not saying that's a bad thing!).
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
"Life is too short to spend time with people who suck the happy out of you."
More information about the Bro