Snort mailing list archives

Re: How to debug SNORT source code?


From: "Al Lewis \(allewi\) via Snort-devel" <snort-devel () lists snort org>
Date: Fri, 3 Apr 2020 17:04:52 +0000

Eclipse doesn’t do any debugging itself. It points to the debugger on your system (i.e., GDB) and acts as a visual wrapper around that.



debian9@debian9:/var/tmp/snort-2.9.15$ gdb ./bin/snort
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./bin/snort...done.

(gdb) break main
Breakpoint 1 at 0x41c53: file snort.c, line 716.
(gdb) r ./bin/snort -c etc/pptp.conf -r ~/Downloads/pptp_eap.pcap -Acmg -k none -q
Starting program: /var/tmp/snort-2.9.15/bin/snort ./bin/snort -c etc/pptp.conf -r ~/Downloads/pptp_eap.pcap -Acmg -k none -q
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=10, argv=0x7fffffffe518) at snort.c:716
716      snort_argc = argc;
(gdb) n
717      snort_argv = argv;
(gdb) n
719      return SnortMain(argc, argv);
(gdb) f
#0  main (argc=10, argv=0x7fffffffe518) at snort.c:719
719      return SnortMain(argc, argv);
(gdb)



Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com



From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Awais Ali via Snort-devel <snort-devel () lists snort org>
Reply-To: Awais Ali <awaisali901 () gmail com>
Date: Friday, April 3, 2020 at 12:54 PM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: Re: [Snort-devel] How to debug SNORT source code?

Thank you Lewis,

I am not familiar with GDB. Can we do debugging with Eclipse?

Thanks,
Awais Ali

On Fri, 3 Apr 2020, 18:36 Al Lewis (allewi), <allewi () cisco com> wrote:
You can use GDB directly. Compile with “--enable-gdb --enable-debug --enable-debug-msgs”.


Break at main .. then off you go..

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com



From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Awais Ali via Snort-devel <snort-devel () lists snort org>
Reply-To: Awais Ali <awaisali901 () gmail com>
Date: Friday, April 3, 2020 at 12:33 PM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: [Snort-devel] How to debug SNORT source code?

Hello all,
I want to debug SNORT source code. For example, I want to see how SNORT source code works when a packet comes in and passes through the decoder, preprocessors and detection engine.
Actually, I am writing my own preprocessor where I will have to modify decode.c and other files, but I am getting errors in different source files, so I want to debug SNORT source code. Is there any environment or IDE for doing this?
I tried with Eclipse but I am unable to debug SNORT inside Eclipse. Looking for help please.

Thanks,
Awais Ali