Snort mailing list archives

Re: [Snort-users] snort-inline doesn't work


From: Jochen Vogel <jvogel () it-sec de>
Date: Thu, 13 Mar 2003 15:33:58 +0100

hi,

> which snort binary are you running?
1.9.0 created a binary /usr/local/bin/snort
1.9.1 created a binary /usr/local/bin/snort_inline

> You do also have a configured and working version of
> snort on the same machine too right?
no. i only compiled 1.9.0 and 1.9.1 inline

> If you do not have a working and running version of
> snort then you will not have a snort.conf.
i copied /opt/packages/snort_inline-1.9.1/etc/* /etc/snort/

> As for the iptables....you did
> "make" "make install" && "make install-devel" right?
yes


----------------------------

i did the following

-installed RedHat8.0 minimal
-updated all packages over RHN
-get kernel-2.4.18-26.8.0 from RHN
-installed libnet1.0.2a
-installed iptables-1.2.7a with make install-devel
-compiled snort-inline1.9.0 with --enable-inline
-compiled snort-inline1.9.1 with --enable-inline

---------------------------

snort-inline1.9.0

works well for a few minutes till i get a segmentation fault

$SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE

-*> Snort! <*-
Version 1.9.0beta2 (Build 184)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
/etc/init.d/snort: line 30:  7475 Segmentation fault      $SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE

==> /var/log/snort/Mar_13/alert <==
[**] [1:1122:4] ITSec snorttest [**]
[Classification: Attempted Information Leak] [Priority: 2] 
03/13-11:44:24.644534 192.168.0.145:1731 -> 195.245.50.2:80
TCP TTL:127 TOS:0x0 ID:41598 IpLen:20 DgmLen:373 DF
***AP*** Seq: 0xDEEDFC37  Ack: 0x4540AC67  Win: 0x41E8  TcpLen: 20

==> /var/log/messages <==
Mar 13 11:44:34 snolin kernel: ip_queue: peer 7475 died, resetting state and flushing queue

---------------------------

snort-inline1.9.1

runs but doesn't do anything

$SNORT -d -c /etc/snort/snort.conf -Q -i ppp0 -l $DIR/$DATE

-*> Snort! <*-
Version 1.9.1 (Build 231)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

-----------------------------

both are started with the same configs

