Bugtraq mailing list archives
Re: Snort core dumped
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 11 Jan 2002 00:00:49 -0500
From the Snort BUGS file:
-----------------------------------------------------------------
Bug reports should be sent to roesch () snort org, and cc'd to
snort-devel () lists sourceforge net (Snort Developers mailing list)

Please include the following information with your report:

System Architecture (Sparc, x86, etc)
Operating System and version (Linux 2.0.22, IRIX 5.3, etc)
What rules (if any) you were using
What command line switches you were using
Any Snort error messages
-----------------------------------------------------------------

Regardless of the fact that you completely ignored all of the above and required me to dig through my Bugtraq backlog to find this message, here's the patch to fix the problem. I'll assume you're on Linux.

--- olddecode.h Thu Jan 10 15:47:48 2002 +++ decode.h Thu Jan 10 12:15:33 2002 @@ -105,7 +105,7 @@ #define IP_HEADER_LEN 20 #define TCP_HEADER_LEN 20 #define UDP_HEADER_LEN 8 -#define ICMP_HEADER_LEN 8 +#define ICMP_HEADER_LEN 4 #define TH_FIN 0x01 #define TH_SYN 0x02

This has been committed to the Snort 1.8 branch of Snort CVS and is included in build 90.

-Marty

Sinbad wrote:
Run snort:

# snort -dev host 192.168.0.3 and 192.168.0.1

Ping 192.168.0.1 from 192.168.0.3 within one data in payload:

# ping -c 1 -s 1 192.168.0.1

Snort's output is shown below:

-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76 type:0x800 len:0x2B
192.168.0.3 -> 192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:29 DF
Type:8 Code:0 ID:9435 Seq:0 ECHO
Segmentation fault (core dumped)

hmm... core dumped! while with the '-X' option works well. :)

Have you ever seen this happen?

Regards,
Sinbad
--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
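
Review bot: The changed line "+#define ICMP_HEADER_LEN 4" in the decode.h hunk has no comment saying which bytes the constant now counts, and the message does not say why 8 was wrong. Four bytes is the part every ICMP message shares (type, code, checksum); the echo request in the report also carries ID and Seq fields, which the decoder prints ("ID:9435 Seq:0 ECHO"), so any code that reads those fields or derives a payload length from this constant needs its own check that at least 8 bytes of ICMP data were captured. Suggest a comment on the define stating that it covers type, code and checksum only, plus a regression test using the reporter's case (ping -c 1 -s 1, DgmLen:29) and a truncated ICMP packet shorter than 8 bytes.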