My simulation environment is below:
Bro 1.2, loading local.lite.bro, running on Linux Fedora 5. Bro's IP is 192.168.0.1, and the machine replaying the tcpdump files is 192.168.0.3.
I use tcpreplay to replay the DARPA 2000 LLDOS 1.0 DMZ dump file to Bro's machine in a real closed network.
My question is: in the info.localhost.06-12-27_13.16.39 file, I find a lot of packets being dropped. Why? Is it right? If not, how to improve it?
Thanks for your help!!
Gita in NTUST
The tcpreplay command is below:
tcpreplay LLDOS_1.0_dump_file -i 192.168.0.3
> In the info.localhost.06-12-27_13.16.39 file, I find a lot of packets being dropped. Why? Is it right?
Well, it's not "right" in the sense that naturally you don't want to
drop any packets at all. Drops occur if the system cannot keep up
with the packet stream, which can have various reasons.
> If not, how to improve it?
What kind of system are you using? In general, Linux is not the best
choice for packet capturing, yet you might be able to improve
performance somewhat with a little bit of tweaking, see http://www.net.t-labs.tu-berlin.de/research/bpcs