[Bro] Packet Drops
Tom OBrion
hammadog at gmail.com
Thu May 10 06:05:17 PDT 2012
hehe
Well that does seem exciting, but at the time we were running around
13mbps and no we are not running pf_ring. Here is a snipet of the log
when we were running close to 100mbps.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path capture_loss
#fields ts ts_delta peer gaps acks percent_lost
#types time interval string count count string
1336586727.588158 900.000168 bro 289518 644040 44.953%
1336587627.588220 900.000062 bro 306102 746812 40.988%
On Thu, May 10, 2012 at 8:25 AM, Seth Hall <seth at icir.org> wrote:
>
> On May 9, 2012, at 8:32 PM, Tom OBrion wrote:
>
>> #fields ts ts_delta peer gaps acks percent_lost
>> #types time interval string count count string
>> 1336608708.135106 900.000206 bro 996 721708 0.138%
>> 1336609608.135122 900.000016 bro 805 705801 0.114%
>
>
> Now that actually looks really nice. Did you say that you are running PF_Ring? I trust the data from the NIC even less when using any of the various things that bypass the normal OS data flow (but I'm not saying that's a bad thing!).
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
--
Tom O'Brion
TEL: 207.210.2167
Skype:
"Life is too short to spend time with people who suck the happy out of you."
More information about the Bro
mailing list