Snort mailing list archives
how does sniffing use memory?
From: Jason Haar <Jason_Haar () trimble com>
Date: Tue, 10 Sep 2013 16:20:03 +1200
Hi there

We have a snort box that has daemonlogger running on it as well as snort. It was crashing via

27982 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, "\3\r\202H\377\177\0\0000tp\0\0\0\0\0", 16) = -1 ENOMEM (Cannot allocate memory)
27982 setsockopt(3, SOL_SOCKET, SO_DETACH_FILTER, [0], 4) = 0
27982 write(2, "Warning: Kernel filter failed: C"..., 54) = 54

This is a CentOS-6 64-bit system with 4G RAM. I know that's not much, but there's no swapping. There is a BPF filter - but I tried it with no filter and it crashed too.

We also have other identical boxes that don't show this symptom. I just know that if I reboot this problem will be magically "solved" - but that is obviously not a real solution.

Can someone explain to me just what is behind this issue, as I need to be able to figure out just which of our boxes are "underspec'ed"?

Thanks

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1