Snort mailing list archives
Corrupted Frame and Exit
From: Mike <miked () softtalker com>
Date: Sun, 8 Mar 2009 16:21:52 -0700
I searched the email archives and checked with Google and didn't find anything relevant so I thought I'd try here. I'm having a problem with Snort where it reports a corrupted frame and dies immediately afterwards. Snort might die immediately or it might run for a few hours. Here are a couple of syslog entries from when it dies: Mar 6 01:26:06 rockenfield snort[20730]: pcap_loop: corrupted frame on kernel ring mac offset 1502 + caplen 1514 > frame len 1568 Mar 7 10:10:12 rockenfield snort[20895]: pcap_loop: corrupted frame on kernel ring mac offset 1114 + caplen 1114 > frame len 1568 Of course, the tcpdump log doesn't show anything. When it exits, it just shows that packets were discarded and that's it. The alert log has nothing at all. I have two NIC's and I thought it might be one of them so I switched it out but it did not fix the problem. The other NIC is on the motherboard and I could disable that and install another PCI NIC but I haven't tried that yet. Here is some system info. I'm running AMD Athlon 64 X2 dual core 3800+ with 8GB of RAM. The OS is Debian squeeze/6.0 running the 2.6.21 amd64 kernel. My network config is like so: cable modem is connected to eth0 (on board NIC), and I NAT everything to eth2 (PCI NIC that was replaced) using Shorewall for my internal network. Does anyone have any suggestions on how to troubleshoot and fix this? Thanks, -MikeD ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Corrupted Frame and Exit Mike (Mar 08)
- Message not available
- Re: Corrupted Frame and Exit Mike Dillinger (Mar 08)
- Re: Corrupted Frame and Exit Matthew Babcock (Mar 08)
- Re: Corrupted Frame and Exit Mike Dillinger (Mar 15)
- Re: Corrupted Frame and Exit Matthew Babcock (Mar 08)
- Re: Corrupted Frame and Exit Joel Esler (Mar 09)
- Re: Corrupted Frame and Exit Mike Dillinger (Mar 15)
- Message not available
- Re: Corrupted Frame and Exit Nathaniel Richmond (Mar 16)
- Re: Corrupted Frame and Exit Mike Dillinger (Mar 17)
- Re: Corrupted Frame and Exit Matthew Babcock (Mar 17)
- Re: Corrupted Frame and Exit Matthew Babcock (Mar 17)
- Re: Corrupted Frame and Exit Mike Dillinger (Mar 08)
- Message not available