Snort mailing list archives
Re: snort 1.8.4b1 dumping core
From: Martin Roesch <roesch () sourcefire com>
Date: Sun, 03 Feb 2002 09:41:14 -0500
Ok, remove the square brackets around your HOME_NET var, they're
unnecessary. Other than that I'm not sure why this would be crashing from
the info I'm seeing. What type of network are you running on (ethernet,
t/r, fddi, etc)?
-Marty
On 2/3/02 2:04 AM, "Kris Kennaway" <kris () obsecurity org> wrote:
On Sat, Feb 02, 2002 at 10:11:33PM -0500, Martin Roesch wrote:Any error messages? Does it run for a while and core or right at startup? How have you set your HOME_NET and EXTERNAL_NET?I've been corresponding with Fyodor a bit about this: I sent him the following gdb backtrace. (gdb) bt #0 0x280bab5f in ?? () #1 0x280ba7bb in ?? () #2 0x804c121 in InterfaceThread (arg=0x80bb000) at snort.c:1675 #3 0x804a841 in main (argc=50652, argv=0xfe8f7d04) at snort.c:478 (gdb) list 1675 1670 { 1671 LogMessage("Snort initialization completed successfully, Snort running"); 1672 } 1673 1674 /* Read all packets on the device. Continue until cnt packets read */ 1675 if(pcap_loop(pds[myint], pv.pkt_cnt, (pcap_handler) ProcessPacket, NULL) < 0) 1676 { 1677 if(pv.daemon_flag) 1678 syslog(LOG_CONS | LOG_DAEMON, "pcap_loop: %s", pcap_geterr(pd)); 1679 else (gdb) print myint $3 = 671896152 The only bits of the snort.conf I've changed relative to the latest ruleset from CVS is this: var HOME_NET [64.165.226.47/32] var EXTERNAL_NET !$HOME_NET I have four coredumps, all in the same line of code, all of which occurred while downloading the same set of files via FTP. Kris
-- Martin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999 Sourcefire: Professional Snort Sensor and Management Console appliances roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 02)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 02)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Fyodor (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 03)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 03)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 03)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 03)
- Re: snort 1.8.4b1 dumping core Fyodor (Feb 04)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 15)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 15)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 15)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 15)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 02)