Snort mailing list archives
Re: AppID warnings and Snort Segmentation fault
From: "Joel Cornett (jocornet)" <jocornet () cisco com>
Date: Wed, 30 Jul 2014 15:41:56 +0000
> Message: 3
> Date: Wed, 30 Jul 2014 18:54:20 +0400
> From: Kiryukhin Andrey <andrei_1980 () mail ru>
> Subject: [Snort-users] AppID warnings and Snort Segmentation fault
> To: snort user list <snort-users () lists sourceforge net>
> Message-ID: <53D9071C.9030302 () mail ru>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello.
>
> I installed snort-2.9.7.0_beta and snort-openappid.2014-05-30.205-0 as
> described in this post:
> http://blog.snort.org/2014/03/firing-up-openappid.html
>
> When I execute
>
>   snort -T -c /etc/snort/etc/snort.conf
>
> the result is:
>
>   Snort successfully validated the configuration!
>   Snort exiting
>
> But in the log I have warnings:
>
>   Invalid direct service AppId, 569, for 0x7f523f4de690 (nil)
>   Invalid direct service AppId, 609, for 0x7f523f4d8740 (nil)
>   Invalid direct service AppId, 603, for 0x7f523f4e5130 (nil)
>   Invalid direct service AppId, 617, for 0x7f523f4dbeb0 (nil)
>   Invalid direct service AppId, 547, for 0x7f523f4d8da0 (nil)
>   Invalid direct service AppId, 165, for 0x7f523f4e0900 (nil)
>   Invalid direct service AppId, 687, for 0x7f523f4deef0 (nil)
>   Invalid direct service AppId, 376, for 0x7f523f4e25d0 (nil)
>   Invalid direct service AppId, 747, for 0x7f523f4d7df0 (nil)
>   Invalid direct service AppId, 754, for 0x7f523f4d9a70 (nil)
>   Invalid direct service AppId, 753, for 0x7f523f4d9d60 (nil)
>   Invalid direct service AppId, 755, for 0x7f523f4da520 (nil)
>   Invalid direct service AppId, 603, for 0x7f523f4da520 (nil)
>   Invalid direct service AppId, 763, for 0x7f523f4e4040 (nil)
>   Invalid direct service AppId, 767, for 0x7f523f4d8c00 (nil)
>   Invalid direct service AppId, 801, for 0x7f523f4d8280 (nil)
>   Invalid direct service AppId, 800, for 0x7f523f4d8280 (nil)
>   Invalid direct service AppId, 627, for 0x7f523f4dc3b0 (nil)
>   Invalid direct service AppId, 894, for 0x7f523f4dcb10 (nil)
>   Invalid direct service AppId, 895, for 0x7f523f4dcb10 (nil)
>   Invalid direct service AppId, 398, for 0x7f523f4e2350 (nil)
>   Invalid direct service AppId, 452, for 0x7f523f4ddbe0 (nil)
>   Invalid direct service AppId, 823, for 0x7f523f4d90d0 (nil)
>   Invalid direct service AppId, 1097, for 0x7f523f4e20e0 (nil)
>   Invalid direct service AppId, 836, for 0x7f523f4de120 (nil)
>   Invalid direct service AppId, 837, for 0x7f523f4dad50 (nil)
>   Invalid direct service AppId, 846, for 0x7f523f4df540 (nil)
>   Invalid direct service AppId, 847, for 0x7f523f4e6160 (nil)
>   Invalid direct service AppId, 861, for 0x7f523f4d8530 (nil)
>   Invalid direct service AppId, 862, for 0x7f523f4dffd0 (nil)
>   Invalid direct service AppId, 426, for 0x7f523f4ed4c0 (nil)
>   Invalid direct service AppId, 813, for 0x7f523f4ed4c0 (nil)
>   Invalid direct service AppId, 118, for 0x7f523f4dea60 (nil)
>   Invalid direct service AppId, 49, for 0x7f523f4db890 (nil)
>   Invalid direct service AppId, 1755, for 0x7f523f4e4e30 (nil)
>   Invalid direct service AppId, 872, for 0x7f523f4e6b50 (nil)
>   Invalid direct service AppId, 61, for 0x7f523f4e68a0 (nil)
>   Invalid direct service AppId, 774, for 0x7f523f4e6de0 (nil)
>   Invalid direct service AppId, 683, for 0x7f523f4ea000 (nil)
>   Invalid direct service AppId, 788, for 0x7f523f4ec950 (nil)
>   Invalid direct service AppId, 701, for 0x7f523f4eb270 (nil)
>   Invalid direct client application AppId, 788, for 0x7f523f4ecb80 (nil)
>   Invalid direct client application AppId, 683, for 0x7f523f4ea200 (nil)
>   Invalid direct client application AppId, 894, for 0x7f523f4d4be0 (nil)
>   Invalid direct client application AppId, 895, for 0x7f523f4d4be0 (nil)
>   Invalid direct client application AppId, 773, for 0x7f523f4d45b0 (nil)
>   Invalid direct client application AppId, 872, for 0x7f523f4d4230 (nil)
>   Invalid direct client application AppId, 619, for 0x7f523f4d3780 (nil)
>   Invalid direct client application AppId, 846, for 0x7f523f4d3780 (nil)
>   Invalid direct client application AppId, 723, for 0x7f523f4d3780 (nil)
>   Invalid direct client application AppId, 794, for 0x7f523f4d3780 (nil)
>   Invalid direct client application AppId, 771, for 0x7f523f4d3780 (nil)
>   Invalid direct client application AppId, 61, for 0x7f523f4d2c10 (nil)
>   Invalid direct client application AppId, 426, for 0x7f523f4ed6a0 (nil)
>   Invalid direct client application AppId, 524, for 0x7f523f4d0e20 (nil)
>   Invalid direct client application AppId, 936, for 0x7f523f4d0e20 (nil)
>   Invalid direct client application AppId, 1107, for 0x7f523f4d1490 (nil)
>   Invalid direct client application AppId, 547, for 0x7f523f4d1490 (nil)
>   Invalid direct client application AppId, 732, for 0x7f523f4d1150 (nil)
>   Invalid direct client application AppId, 743, for 0x7f523f4d1150 (nil)
>   Invalid direct client application AppId, 308, for 0x7f523f4d1150 (nil)
>   Invalid direct client application AppId, 307, for 0x7f523f4d1150 (nil)
>   Invalid direct client application AppId, 866, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 776, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 700, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 625, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 626, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 1108, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 624, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 720, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 550, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 546, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 746, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 836, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 777, for 0x7f523f4d19c0 (nil)
>   Invalid direct client application AppId, 701, for 0x7f523f4eb450 (nil)
>   Invalid direct client application AppId, 813, for 0x7f523f4d3390 (nil)
>   Invalid direct client application AppId, 571, for 0x7f523f4d2f50 (nil)
>   Invalid direct client application AppId, 426, for 0x7f523f4ed610 (nil)
>
> Then, when I start snort in listen mode:
>
>   snort -c /etc/snort/etc/snort.conf -i eth2
>
> I have a segmentation fault:

Do you still get a segfault when you replay a pcap (instead of listening on an interface)?

>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.7.0_beta GRE (Build 109)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>            Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>            Using libpcap version 1.1.1
>            Using PCRE version: 7.8 2008-09-05
>            Using ZLIB version: 1.2.3
>
>            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.2  <Build 1>
>            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
>            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
>            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
>            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
>            Preprocessor Object: APPID  Version 1.1  <Build 4>
>            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
>            Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
>            Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
>            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
>            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
>            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
>            Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
>            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
>            Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
>            Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
> Commencing packet processing (pid=12527)
> Segmentation fault

Is it possible for you to provide a backtrace of the segfault?

> What can I do to solve this problem?
>
> P.S. If there is no traffic on the listen interface, then snort does not crash.
>
> Thanks.

Joel Cornett | Software Engineer - Cisco
jocornet () cisco com