Snort mailing list archives

Re: snort 1.8


From: Scott Nursten <scott.nursten () StreetsOnline co uk>
Date: Thu, 12 Jul 2001 14:14:06 +0100

I get the same. 


snort -l /var/log/snort -c /etc/snort/snort.conf 
Log directory = /var/log/snort

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
No arguments to stream4 directive, setting defaults to:
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    Stateful Inspection: ACTIVE
    Stream Reassembly: INACTIVE
    Stream Stats: INACTIVE
    State Alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
Segmentation fault (core dumped)

gdb snort -c core

#0  0x08053b05 in mSplit (str=0x0, sep=0x80f2b04 " ", max_strs=2, toks=0xbfffd558, meta=92 '\\') at mstring.c:114
114         end = str + strlen(str);
(gdb) where
#0  0x08053b05 in mSplit (str=0x0, sep=0x80f2b04 " ", max_strs=2, toks=0xbfffd558, meta=92 '\\') at mstring.c:114
#1  0x08079530 in ParseARPspoofArgs (args=0x0) at spp_arpspoof.c:175
#2  0x080797fa in ARPspoofInit (args=0x0) at spp_arpspoof.c:299
#3  0x080550a2 in ParsePreprocessor (rule=0xbfffd65c "preprocessor arpspoof") at rules.c:1329
#4  0x080548c7 in ParseRule (rule_file=0x814a3e8, prule=0xbffff6fc "preprocessor arpspoof", inclevel=0) at rules.c:541
#5  0x0805445c in ParseRulesFile (file=0x8112254 "/etc/snort/snort.conf", inclevel=0) at rules.c:201
#6  0x0804c200 in main (argc=5, argv=0xbffffc14) at snort.c:309
#7  0x4009138b in __libc_start_main () from /lib/libc.so.6

Rgds,

Scott


Fyodor wrote:

On Wed, Jul 11, 2001 at 09:24:48PM -0700, John Johnson wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[root@linux /root]# snort -c /etc/snort/snort.conf -l /var/log/snort -i eth0
Log directory = /var/log/snort

         --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Using LOCAL time
Segmentation fault (core dumped)


All right, let's examine the coredump now :-p familiar with gdb?;)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Scott Nursten - Systems Administrator
Streets Online Ltd.

Direct:         +44 (0) 1293 744 122
Business:       +44 (0) 1293 402 040
Fax:            +44 (0) 1293 402 050
Email:          scottn () streetsonline co uk

      -----------------------------------------------------------------------
        "Unix is user friendly. It's just selective when choosing friends."
      -----------------------------------------------------------------------
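
The backtrace in this message shows `args=0x0` handed from `ARPspoofInit` through `ParseARPspoofArgs` to `mSplit`, which faults at `strlen(str)` on the argument-less line `preprocessor arpspoof`. The block below is an added example, not part of the original post and not Snort's code: a C argument splitter that treats a missing argument string as an empty list. The names `directive_args`, `split_args` and `preproc_init`, the colon-separated `name: args` syntax and the size limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_TOKS 4
#define TOK_LEN  32

/* Hypothetical result type: tokens copied out of a directive's arguments. */
struct arg_list {
    int  count;
    char tok[MAX_TOKS][TOK_LEN];
};

/* Return the text after ':' in a directive line, or NULL when the line has
 * no ':' at all, as with "preprocessor arpspoof" in the trace.
 * Assumption: arguments follow a colon. */
static const char *directive_args(const char *rule)
{
    const char *colon = rule ? strchr(rule, ':') : NULL;
    return colon ? colon + 1 : NULL;
}

/* Split str on any character in sep. NULL or blank input gives zero tokens
 * instead of reaching strlen() with a NULL pointer. Returns the token
 * count, or -1 if a token is too long or there are too many tokens. */
static int split_args(const char *str, const char *sep, struct arg_list *out)
{
    out->count = 0;
    if (str == NULL || sep == NULL)
        return 0;                       /* str=0x0 in the trace stops here */
    for (;;) {
        size_t len;
        str += strspn(str, sep);        /* skip leading separators */
        if (*str == '\0')
            return out->count;
        len = strcspn(str, sep);        /* length of this token */
        if (out->count == MAX_TOKS || len >= TOK_LEN)
            return -1;                  /* reject instead of overflowing */
        memcpy(out->tok[out->count], str, len);
        out->tok[out->count][len] = '\0';
        out->count++;
        str += len;
    }
}

/* Hypothetical init hook: a directive with no arguments means defaults. */
static int preproc_init(const char *rule, struct arg_list *out)
{
    return split_args(directive_args(rule), " \t", out);
}
```
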
