Metaflows Google Group

Re: [MetaFlows] DAQ Compile issue

2012-11-13T08:11:48Z

I just tried:

cd daq-0.6.2; chmod 755 configure; export
LD_LIBRARY_PATH=$LD_LIBRARY_PA TH:/usr/local/lib; export
LIBS='-L/usr/local/lib -lpcap -lpthread'; ./configure
--disable-nfq-module --disable-ipq-module
--with-libpcap-includes=/usr/l ocal/include
--with-libpcap-libraries=/usr/ local/lib

DAQ Compile issue

2012-11-13T06:53:55Z

When I pass
the --with-libpfring-includes=/usr /local/include/ --with-libpfring-libraries=/us r/local/lib
options on the configure command I get back:
configure: WARNING: unrecognized options: --with.....
I have looked lots of versions and not of them have this option in the
configure file - what am I missing ?

Fwd: 回复：回复： question about IPS with PF_RING

2012-03-14T04:46:43Z

-------- Original Message --------
Reply-To: s f <fangl...@yahoo.com.cn>
To: livio Ricciulli <li...@metaflows.com>
hello,livio.I test it successly ,thank you for you help.
______________________________ __
发件人： livio Ricciulli <li...@metaflows.com>
收件人： s f <fangl...@yahoo.com.cn>
发送日期： 2012年3月14日, 星期三, 上午 1:15

Re: [MetaFlows] Drop rate

2012-03-07T08:05:50Z

Hi Livio,
Mmm, I didnt notice. We were using 0,5% and thus were getting much
lower results !!
Ok
I fully agree here
As related to public traces, the best listing we were able to find was:
[link]

Re: [MetaFlows] Drop rate

2012-03-06T21:19:04Z

It is arbitrary; but as you can see from our graphs we use <5% as the
threshold.
The other thing is that you should measure sustained throughput so that
you fill up all the buffers.
We measure total packets transmitted at a constant rate V.S. total
packets processed/forwarded over traces long enough to reduce

Re: [MetaFlows] Drop rate

2012-03-06T20:56:03Z

Hi Livio,
If packet drop was 0 why stop at that level?
Of course we see 0 drop rate at low speeds, I'm asking when should be
considered a test has failed, 0,5%, 1%?
Enviado desde mi iPhone

Re: [MetaFlows] Drop rate

2012-03-06T20:40:57Z

In some cases we were seeing 0 drop.

Drop rate

2012-03-06T20:14:01Z

Hi all,
I have noticed snort drops packets even at moderate packet per second rates
May I ask the published results what kind of limit to drop rate were
considered?
Enviado desde mi iPhone

Re: Measuring performance

2012-02-24T02:44:01Z

The best way to measure pfring performance is to compare the RX PACKET
counts from the input interface
(or your generator) with the sum of all the Tot Packets counts in the
files /proc/net/pf_ring/*eth* with the same 'Cluster Id'
These proc files are dynamically created and deleted as new processes

Measuring performance

2012-02-24T00:55:11Z

[link]

I've been reading your blog and following along at home. I have a
working snort multithreaded instance using the current SVN of PF_RING.
What I can't seem to figure out is how much traffic my instance is
handling.

I turned on the snort-stats preprocessor and was looking at the

Metaflows cutting certain traffic

2012-02-13T11:32:28Z

Hi all,
We have noticed a weird behaviour when we use metaflows.
When using metaflows as IPS and enabling SSL or SSH preprocessor, the
sytems cuts all encrypted traffic instead of letting it go through after
a certain ammount of traffic.
Actually, the problem is more or less like this (verified with SSH &

Tt takes a cloud to secure a cloud

2011-12-16T18:14:43Z

If you're thinking of setting up some of your assets in the cloud, you
need to think about how you can do that without compromising your
network security monitoring standards and how you can meet regulatory
compliance regulations. Even if you run an Intrusion Detection (and/or
Prevention) System in your organization or have host-based IDS,

Warning message

2011-11-29T12:52:32Z

Hi all,
When I start Snort using your great pf_ring enhancement I see the
following message:
Acquiring network traffic from "eth4:eth5".
Reload thread starting...
Reload thread started, thread 0x7f3885b41710 (7081)
Checking PID path...
PID path stat checked out ok, PID path set to /var/run/
Writing PID "7081" to file "/var/run//snort_eth4:eth5_bpb r1_1.pid"

Re: [MetaFlows] Snort instances and cores information

2011-11-16T03:49:15Z

I ment remove --daq-mode inline -Q

Re: [MetaFlows] Snort instances and cores information

2011-11-16T03:47:10Z

Also, If you only use one interface (passive mode) remove the daq-var inline -Q arguments

Metaflows Google Group

Re: [MetaFlows] DAQ Compile issue

DAQ Compile issue

Fwd: 回复： 回复： question about IPS with PF_RING

Re: [MetaFlows] Drop rate

Re: [MetaFlows] Drop rate

Re: [MetaFlows] Drop rate

Re: [MetaFlows] Drop rate

Drop rate

Re: Measuring performance

Measuring performance

Metaflows cutting certain traffic

Tt takes a cloud to secure a cloud

Warning message

Re: [MetaFlows] Snort instances and cores information

Re: [MetaFlows] Snort instances and cores information

Fwd: 回复：回复： question about IPS with PF_RING