RE: Memory leak in 1.9.0?

["L. Christopher Luther" <CLuther () Xybernaut com>]

The WinPCap FAQ also seems to indicate that BSODs can occur, and at least w/
my SMP Snort sensor, I've gotten one or two BSODs, esp. when I'm messing
around a lot w/ the Snort config and doing a lot of start/stop/restart of
the Snort process.  

Unfortunately, I am not aware of any other packet capture drivers under
Win32.  :{  Maybe raw sockets?!  

- Christopher 


-----Original Message-----
From: David Wilkinson [mailto:dwilkinson () adalis com]
Sent: Friday, January 17, 2003 3:41 PM
To: L. Christopher Luther
Subject: RE: Memory leak in 1.9.0?
Sensitivity: Confidential


Christopher,

Thank you.

Yes, I was aware of the SMP issue with winpcap, which is why we are running
V 2.02.  All of the research we had done pointed to a time stamp issue with
the SMP configuration which has little or no consequence to us as a NIDS
program.

Is there another packet capture method you are familiar with?

David

-----Original Message-----
From: L. Christopher Luther [mailto:CLuther () Xybernaut com]
Sent: Friday, January 17, 2003 10:58 AM
To: 'David Wilkinson'
Cc: Snort-Users (E-mail)
Subject: RE: Memory leak in 1.9.0?
Sensitivity: Confidential


Are you sure it's Snort that is causing the memory leak and not WinPCap
(Task Manager will not delineate the memory used by snort.exe alone vs
snort.exe wpcap.dll)?  

As you may or may not know, WinPCap does not officially support SMP
platforms (see http://winpcap.polito.it/misc/faq.htm#Q-15), so it's very
possible that WinPCap is the culprit, and Snort 2.0 will not solve your
problems.  

IMHO, 
- Christopher 

[...snip...]