Re: Snort core dumped

[KF <dotslash () snosoft com>]

[root@xxx xxxx]# ps -ef | grep snort
snort �� 10283 ����1��2 17:17 ? �� ����00:00:00 /usr/sbin/snort -u snort
-g snorroot ����10292 10252��0 17:17 pts/2 �� 00:00:00

[xxxx@xxx xxxx]$ ping -c1 -s1 xxx.xxxxxx.com
PING xxx.xxxxxxx.com (111.111.111.111) from 111.111.111.111: 1(29) bytes
of data.
9 bytes from xxx.xxxxxxxx.com (192.168.1.103): icmp_seq=0 ttl=255

--- xxx.xxxxxxxxx.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss

[root@xxx xxxxxxxx]# ps -ef | grep snort
root ����10328 10252��0 17:18 pts/2 �� 00:00:00 grep snort

-KF


Sinbad wrote:

> Run snort:
> # snort -dev host 192.168.0.3 and 192.168.0.1 
>
> Ping 192.168.0.1 from 192.168.0.3 within one data in payload:
> # ping -c 1 -s 1 192.168.0.1
>
> Snort's output showed below:
> -*> Snort! <*-
> Version 1.8.3 (Build 88)
> By Martin Roesch (roesch () sourcefire com, www.snort.org)
> 01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76 type:0x800 len:0x2B
> 192.168.0.3 -> 192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:29 DF
> Type:8  Code:0  ID:9435   Seq:0  ECHO
> Segmentation fault (core dumped)
>
> hmm... core dumped!
>
> while with the '-X' option works well. :)
>
> Have you ever seen this happened?
>
>
> Regards,
> Sinbad