[Bro] Bro performance issues
Justin Azoff
JAzoff at albany.edu
Mon Oct 31 06:22:50 PDT 2011
On Sun, Oct 30, 2011 at 11:46:16AM +0200, Tomer Teller wrote:
> Hey all,
>
> I am testing Bro's performance using tcpreplay for some project of mine.
>
> I am using a packet capture of 680000 packets using different rates to
> check for packet loss.
>
> tcpreplay -i eth0 --mbps=X 680000.pcap (where X = 1000,500,100,10)
...
> Bro on the other hand, doesn't see all 680000, he sees around 540,000.
As a sanity check, what does bro report if you run it with something
like this:
'bro -f ip -C -r 680000.pcap your_counter_policy.bro'
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list