Snort mailing list archives
Re: HELP PLS!! #Snort received signal 3, exiting
From: John Sage <jsage () finchhaven com>
Date: Thu, 13 Sep 2001 21:38:33 -0700
IANAG (I Am Not A Guru), but:

You're telling it to read a file but not telling it to output anything.

Try something like:

    snort -dv -r [your_file_name_here]

- John
--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."

rick wrote:
Hi Gurus,

I just installed Snort 1.81 (Version 1.8.1-RELEASE (Build 74)) a couple of days ago. I used it to analyze the data I collected from tcpdump (sniffing @0.0.0.0). I also downloaded the latest ruleset from Sourcefire. Since I am just testing this product, and my tcpdump -w output is very small, I just used the default ruleset from Snort, at the end of snort.conf:

    include sql.rules
    include x11.rules
    include icmp.rules
    include shellcode.rules
    include misc.rules
    include policy.rules
    include info.rules
    include icmp-info.rules
    include virus.rules
    include local.rules

However, every time I use snort -r to read the tcpdump -w output, I get #snort received signal 3, exiting ALL THE TIME.. so I can't tell the integrity of the output.

I am running snort on Solaris7sparc(64bit) 300Mhz, 4Gb, 128Mb, and that Sun box is not running anything else except snort... I can't see what's wrong..

Here's the actual output.. Any help is appreciated!!!! thx in advance

**************************************************************************
        --== Initializing Snort ==--
TCPDUMP file reading mode.
Reading network traffic from "/usr/tcp/tcpdump20010910" file.
snaplen = 68
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
    Reassemble client: ACTIVE
    Reassemble server: INACTIVE
    Reassemble ports: 21 23 25 53 80 143 110 111 513
    Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
1150 Snort rules read...
1150 Option Chains linked into 151 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

===============================================================================
Snort processed 459277 packets.
Breakdown by protocol:                Action Stats:
    TCP: 206104     (44.876%)         ALERTS: 1027
    UDP: 177782     (38.709%)         LOGGED: 101
   ICMP: 92         (0.020%)          PASSED: 0
    ARP: 12389      (2.698%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 62815      (13.677%)
===========================================
Fragmentation Stats:
Fragmented IP Packets: 95         (0.021%)
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 32
============================================
TCP Stream Reassembly Stats:
      TCP Packets Used: 101571     (22.115%)
 Reconstructed Packets: 0          (0.000%)
 Streams Reconstructed: 6865
=============================================
Snort received signal 3, exiting
***********************************************************************

thx,
rick

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HELP PLS!! #Snort received signal 3, exiting rick (Sep 13)
- Re: HELP PLS!! #Snort received signal 3, exiting John Sage (Sep 13)
- Re: HELP PLS!! #Snort received signal 3, exiting rick (Sep 13)
- Re: HELP PLS!! #Snort received signal 3, exiting Andrew R. Baker (Sep 13)
- Re: HELP PLS!! #Snort received signal 3, exiting rick (Sep 13)
- Re: HELP PLS!! #Snort received signal 3, exiting John Sage (Sep 13)