Re: Corrupted Frame and Exit

["Matthew Babcock" <MBabcock () AandRTech com>]

> From that link
-----------------
> Linux kernel 2.6.29-rc6, x86_64, but 32-bit userland. It seems to
> work on 32/32 and 64/64-bit machines.

Thanks for the report. This is probably caused by the new packet
mmap interface, before Linux 2.6.27 it wasn't 64-bit clean and the
libpcap package in sid was built against 2.6.26 headers, so the new
tpacket v2 format support which fixes it wasn't compiled in.

Unfortunately I don't have a 64-bit machine running Linux 2.6.27+
where I could verify this right now, but I think that if you rebuild
the current source package with an up-to-date linux-libc-dev
(2.6.28-1) the resulting deb will work in your configuration.
-----------------

I am using 2.6.26 which supports the reason above.


Regards,
-- Matthew R. Babcock
CEO, Principal Consultant
A & R Technology Consulting - Providing solutions, not limitations -
MBabcock () AandRTech com
(508) 397-8280

> Thank you, I was wondering if I sent that email. Your problem should be
> with the libcap version you are on. Look into your options for a newer
> one.
>
> What version do you have installed? I use ADM64 as well with the new
> stable version Lenny.. I am guessing your using testing or unstable. Can
> you post a couple lines from etc/apt/sources.list ?
>
> I have...
>  sudo dpkg -l |grep ii |grep libpcap
> ii  libpcap0.8                          0.9.8-5                    system
> interface for user-level packet captu
>
> and I have never seen that error. Let me know if you want to check other
> version of other things, I stopped following the thread not sure what else
> was discussed...
>
> -----------
> You might be able to do this... assuming your version is broken and you
> need an old stable version...
> sudo aptitude purge libpcap(everything) && sudo aptitude clean && sudo vim
> /etc/apt/sources.list change everything to lenny (I use the replace
> function).
> Then do sudo aptitude update && sudo aptitude install libpcap0.8 (and
> everything that was removed when you purged libpcap a minute ago)
>
>
> Regards,
> -- Matthew R. Babcock
> CEO, Principal Consultant
> A & R Technology Consulting - Providing solutions, not limitations -
> MBabcock () AandRTech com
> (508) 397-8280
>
> > --- Original Message
> > From: Nathaniel Richmond <nate+snort () richmond-family org>
> > Sent: Monday, March 16, 2009, at 05:06AM PDT (GMT -0700)
> >
> > NR> If the error is about the libpcap headers, you may not have the
> > NR> libpcap-dev package installed. It might help to paste the exact
> > NR> error for the list.
> >
> > I did/do have libpcap-dev installed.
> >
> > Here is the error again:
> > rockenfield:~# tcpdump -vv -i eth3
> > tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 96
> > bytes
> > 09:22:26.123716 Broadcast Unknown SSAP 0xe6 > 00:00:00:00:00:00 (oui
> > Ethernet) NetBeui Information, send seq 33, rcv seq 46, Flags [Final],
> > length 4294967282
> > tcpdump: pcap_loop: corrupted frame on kernel ring mac offset 94 +
> > caplen
> > 428 > frame len 160
> > 26 packets captured
> > 27 packets received by filter
> > 0 packets dropped by kernel
> >
> > If there is more information you'd like, let me know and I'll gladly
> > post
> > it.
> >
> > It looks like this is my problem, which was kindly posted by Matthew
> > Babcock:
> > http://74.125.95.132/search?q=cache:y-f7nqzgi-cJ:help.lockergnome.com/linux/Bug-517098-libpap-1_i386-broken-64-bit-kernel--ftopict493202.html+pcap_loop:+corrupted+frame+on+kernel+ring&hl=en&ct=clnk&cd=1&gl=us&ie=UTF-8
> >
> > I am running the amd64 version of the kernel.  I have tried to build
> > libpcap on my own but I'm not the best builder and had some problems.  I
> > will contact the Debian folks and see what's going on.
> >
> > Thanks,
> > -MikeD
> >
> > ------------------------------------------------------------------------------
> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
> > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
> > easily build your RIAs with Flex Builder, the Eclipse(TM)based
> > development
> > software that enables intelligent coding and step-through debugging.
> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users