Honeypots mailing list archives
Re: snort-inline segfault with -b
From: Rob McMillen <rvmcmil () cablespeed com>
Date: Fri, 21 Feb 2003 16:48:41 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for pointing this out. I will make sure it is fixed for the next release of snort-inline. The problem is that pcap is not initialized when the -Q is used; therefore, it cannot use the pcap_dump_open. Thanks again, Rob On Fri, 21 Feb 2003, Katriel Traum wrote:
Hello list, I've been trying to use snort as a GIDS with snort-inline. When trying to run snort in inline mode (-Q) along side with tcpdump logging (-b), I get a segfault (same goes when trying output log_tcpdump: /var/log/snort/tcpdump.log) I've run it through "gdb", and found out that it segfaults at a function called pcap_dump_open(), which after checking is the function that opens the pcap dump file. When running snort-inline with only -b or only -Q, nothing happens. Anyone else using snort-inline for data-capture/control? Has anyone seen or experienced something like this? Thanks,
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPlaev/nAyY+9KLjdEQLTYACfWjjyurLE+76igA5+UNZtkPIHmJIAoO8G ucnHE7qnTy0dxG381T0+OSwc =romv -----END PGP SIGNATURE-----
Current thread:
- snort-inline segfault with -b Katriel Traum (Feb 21)
- Re: snort-inline segfault with -b Rob McMillen (Feb 21)