[Bro] Bro drop packets while not using CPU at full capacity
Hashem Alaidaros
aidaros.dev at gmail.com
Fri Jun 24 16:45:13 PDT 2016
Hi All
I use Bro for my PhD research, I add scripts in Bro and then see the CPU
and packet drop rate, using @load stats.bro. I'm using Bro 2.3 with
standard libcap.
I use tcpreplay from Machine A to replay the pre-captured traffic into Bro
multi-core machine B through port mirror switch. I replay the traffic from
100 to 1000 Mbps , When reach 200 Mbps and onward, packet start drop and
increases. Surprisingly, the CPU is not fully utilized, CPU still 40%
usage. What we know is that drop packet resulted from CPU full load, but in
our case CPU still less than 50%, so My question, what is the cause of
this packet drop? Is it normal?
Best regards
Aidaros
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160625/76f79a94/attachment.html
More information about the Bro
mailing list