[Snort-devel] snort and /etc/protocols

Erek Adams erek at ...105...
Wed Jan 31 12:11:30 EST 2001


After doing a CVS grab, I had a few issues.  So I whipped out the handy-dandy
"Truss-o-Matic (tm)" to help me out.  I noticed something a bit odd when
looking through the truss output.  The section below repeats--256 times.

Anyone?

-----

/local/home/snort# grep -ic "/etc/protocols" /tmp/snorttruss
256

[...snipped truss output...]

open("/etc/protocols", O_RDONLY)                = 3
fstat64(3, 0xEFFFF798)                          = 0
    d=0x00800018 i=70535 m=0100444 l=1  u=0     g=3     sz=980
        at = Jan 31 08:54:10 PST 2001  [ 980960050 ]
        mt = Jan 29 09:53:36 PST 2000  [ 949168416 ]
        ct = Jan 29 09:53:36 PST 2000  [ 949168416 ]
    bsz=8192  blks=2     fs=ufs
brk(0x0007FC70)                                 = 0
brk(0x00081C70)                                 = 0
ioctl(3, TCGETA, 0xEFFFF724)                    Err#25 ENOTTY
read(3, 0x0007EF24, 8192)                       = 980
   # i d e n t\t " @ ( # ) p r o t o c o l s\t 1 . 4\t 9 7 / 0 5 /
   1 6   S M I "\t / *   S V r 4 . 0   1 . 1\t * /\n\n #\n #   I n
   t e r n e t   ( I P )   p r o t o c o l s\n #\n i p\t\t 0\t I P
  \t\t #   i n t e r n e t   p r o t o c o l ,   p s e u d o   p r
   o t o c o l   n u m b e r\n i c m p\t\t 1\t I C M P\t\t #   i n
   t e r n e t   c o n t r o l   m e s s a g e   p r o t o c o l\n
   g g p\t\t 3\t G G P\t\t #   g a t e w a y - g a t e w a y   p r
   o t o c o l\n t c p\t\t 6\t T C P\t\t #   t r a n s m i s s i o
   n   c o n t r o l   p r o t o c o l\n e g p\t\t 8\t E G P\t\t #
     e x t e r i o r   g a t e w a y   p r o t o c o l\n p u p\t\t
   1 2\t P U P\t\t #   P A R C   u n i v e r s a l   p a c k e t
   p r o t o c o l\n u d p\t\t 1 7\t U D P\t\t #   u s e r   d a t
   a g r a m   p r o t o c o l\n h m p\t\t 2 0\t H M P\t\t #   h o
   s t   m o n i t o r i n g   p r o t o c o l\n x n s - i d p\t\t
   2 2\t X N S - I D P\t\t #   X e r o x   N S   I D P\n r d p\t\t
   2 7\t R D P\t\t #   " r e l i a b l e   d a t a g r a m "   p r
   o t o c o l\n\n #\n #   I n t e r n e t   ( I P v 6 )   e x t e
   n s i o n   h e a d e r s\n #\n i p v 6\t\t 4 1\t I P v 6\t\t #
     I P v 6   i n   I P   e n c a p s u l a t i o n\n i p v 6 - r
   o u t e\t 4 3\t I P v 6 - R o u t e\t #   R o u t i n g   h e a
   d e r   f o r   I P v 6\n i p v 6 - f r a g\t 4 4\t I P v 6 - F
   r a g\t #   F r a g m e n t   h e a d e r   f o r   I P v 6\n e
   s p\t\t 5 0\t E S P\t\t #   E n c a p   S e c u r i t y   P a y
   l o a d   f o r   I P v 6\n a h\t\t 5 1\t A H\t\t #   A u t h e
   n t i c a t i o n   H e a d e r   f o r   I P v 6\n i p v 6 - i
   c m p\t 5 8\t I P v 6 - I C M P\t #   I P v 6   i n t e r n e t
     c o n t r o l   m e s s a g e   p r o t o c o l\n i p v 6 - n
   o n x t\t 5 9\t I P v 6 - N o N x t\t #   N o   n e x t   h e a
   d e r   e x t e n s i o n   h e a d e r   f o r   I P v 6\n i p
   v 6 - o p t s\t 6 0\t I P v 6 - O p t s\t #   D e s t i n a t i
   o n   O p t i o n s   f o r   I P v 6\n
llseek(3, 0xFFFFFFFFFFFFFCBA, SEEK_CUR)         = 142
close(3)                                        = 0
open("/etc/protocols", O_RDONLY)                = 3
fstat64(3, 0xEFFFF798)                          = 0
    d=0x00800018 i=70535 m=0100444 l=1  u=0     g=3     sz=980
        at = Jan 31 08:57:17 PST 2001  [ 980960237 ]
        mt = Jan 29 09:53:36 PST 2000  [ 949168416 ]
        ct = Jan 29 09:53:36 PST 2000  [ 949168416 ]
    bsz=8192  blks=2     fs=ufs
ioctl(3, TCGETA, 0xEFFFF724)                    Err#25 ENOTTY
read(3, 0x0007EF24, 8192)                       = 980
   # i d e n t\t " @ ( # ) p r o t o c o l s\t 1 . 4\t 9 7 / 0 5 /
   1 6   S M I "\t / *   S V r 4 . 0   1 . 1\t * /\n\n #\n #   I n
   t e r n e t   ( I P )   p r o t o c o l s\n #\n i p\t\t 0\t I P
  \t\t #   i n t e r n e t   p r o t o c o l ,   p s e u d o   p r
   o t o c o l   n u m b e r\n i c m p\t\t 1\t I C M P\t\t #   i n

[...snipped truss output...]

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




