Snort mailing list archives
RE: [Snort-users] snort-inline doesn´t work
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Thu, 13 Mar 2003 06:08:17 -0700
which snort binary are you running? The one for snort-inline or the one for snort? You do also have a configured and working version of snort on the same machine too right? If you do not have a working and running version of snort then you will not have a snort.conf. As for the iptables....you did "make" "make install" && "make install-devel" right? -----Original Message----- From: Jochen Vogel [mailto:jvogel () it-sec de] Sent: Thursday, March 13, 2003 2:42 AM To: 'snort-users () sourceforge net' Subject: [Snort-users] snort-inline doesn´t work hi, i did the following -installed RedHat8.0 minimal -updated all packages over RHN -get kernel-2.4.18-26.8.0 from RHN -installed libnet1.0.2a -installed iptables-1.2.7a with make install-devel -compiled snort-inline1.9.0 with --enable-inline -compiled snort-inline1.9.1 with --enable-inline --------------------------- snort-inline1.9.0 work well for a few minutes till i get an segmentation fault $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE -*> Snort! <*- Version 1.9.0beta2 (Build 184) By Martin Roesch (roesch () sourcefire com, www.snort.org) /etc/init.d/snort: line 30: 7475 Segmentation fault $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE ==> /var/log/snort/Mar_13/alert <== [**] [1:1122:4] ITSec snorttest [**] [Classification: Attempted Information Leak] [Priority: 2] 03/13-11:44:24.644534 192.168.0.145:1731 -> 195.245.50.2:80 TCP TTL:127 TOS:0x0 ID:41598 IpLen:20 DgmLen:373 DF ***AP*** Seq: 0xDEEDFC37 Ack: 0x4540AC67 Win: 0x41E8 TcpLen: 20 ==> /var/log/messages <== Mar 13 11:44:34 snolin kernel: ip_queue: peer 7475 died, resetting state and flushing queue --------------------------- snort-inline1.9.1 runs but doesn´t do something $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE -*> Snort! <*- Version 1.9.1 (Build 231) By Martin Roesch (roesch () sourcefire com, www.snort.org) ----------------------------- both are started with the same configs thx for help jo ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: [Snort-users] snort-inline doesn´t work Slighter, Tim (Mar 13)
- <Possible follow-ups>
- RE: [Snort-users] snort-inline doesn´t work Slighter, Tim (Mar 13)