[Snort-devel] bug report: -r don't work without -v

Francois Baligant francois at ...565...
Tue Jul 24 21:07:21 EDT 2001


System Architecture (Sparc, x86, etc) Intel x86

Operating System and version (Linux 2.0.22, IRIX 5.3, etc) RedHat Linux 7.0.90

What rules (if any) you were using

preprocessor frag2

What command line switches you were using

/usr/local/snort/bin/snort -D -c /usr/local/snort/snort.conf -i eth1 -l "/storage/snort/"

version/build:

-*> Snort! <*-
Version 1.8.1-beta3 (Build 47)
By Martin Roesch (roesch at ...402..., www.snort.org)

	trying to read tcpdump file:

[root at ...566... snort]# /usr/local/snort/bin/snort -P 4000 -r /storage/snort/sat2
Reading Conf File...
TCPDUMP file reading mode.
Reading network traffic from "(null)" file.
Segmentation fault (core dumped)

[root at ...566... snort]# gdb bin/snort
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) run -r/storage/snort/sat2 -P 4000 -n 1 -O
Starting program: /usr/local/snort/bin/snort -r/storage/snort/sat2 -P 4000 -n 1 -O
Reading Conf File...
TCPDUMP file reading mode.
Reading network traffic from "(null)" file.

Program received signal SIGSEGV, Segmentation fault.
0x0807fabf in pcap_open_offline ()
(gdb) bt
#0  0x0807fabf in pcap_open_offline ()
#1  0x0804ccdf in OpenPcap (intf=0x0, num=0) at snort.c:1557
#2  0x0804ca70 in InitializeInterfaces () at snort.c:1399
#3  0x0804b039 in main (argc=7, argv=0xbffffa7c) at snort.c:150
#4  0x401aaf11 in __libc_start_main (main=0x804af1c <main>, argc=7, ubp_av=0xbffffa7c, init=0x804a2e0 <_init>, fini=0x8082fdc <_fini>, rtld_fini=0x4000e214 <_dl_fini>, stack_end=0xbffffa74) at ../sysdeps/generic/libc-start.c:129


	with -v:

[root at ...566... snort]# /usr/local/snort/bin/snort -v -n 1 -O -P 4000 -r /storage/snort/sat2

        --== Initializing Snort ==--
TCPDUMP file reading mode.
Reading network traffic from "/storage/snort/sat2" file.
snaplen = 144

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-beta3 (Build 47)
By Martin Roesch (roesch at ...402..., www.snort.org)
07/24-23:00:47.368658 161.58.176.185 -> 195.74.192.146
UDP TTL:113 TOS:0x0 ID:42178 IpLen:20 DgmLen:1500 MF
Frag Offset: 0x0   Frag Size: 0x6E
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

	works



-- 

Francois Baligant            _     Wanadoo Belgium NV/SA,
Network Operation Center    ( )       a subsidiary of France Telecom
                            /_\/   Lozenberg 22 - B-1932 Zaventem
francois at ...565...    (__/\   tel: +32 2 717 17 17
FB1-6BONE                          fax: +32 2 717 17 77

- "if you hold a unix shell to your ear, do you hear the c?"
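
Added example, not part of the original message and not Snort's code: the session above prints the readback file name as "(null)" just before the crash inside pcap_open_offline(), so this sketch shows a pre-flight check a caller could run on the name first. The names check_capture_path, write_sample and SAMPLE_HDR and the /tmp path are hypothetical, and the 24-byte header is constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>

enum cap_status { CAP_OK, CAP_NO_PATH, CAP_OPEN_FAILED, CAP_TOO_SHORT, CAP_BAD_MAGIC };

/* Classic pcap magics: microsecond and nanosecond variants, either byte order. */
static int is_pcap_magic(uint32_t m)
{
    return m == 0xa1b2c3d4u || m == 0xd4c3b2a1u ||
           m == 0xa1b23c4du || m == 0x4d3cb2a1u;
}

/* Hypothetical pre-flight check to run before handing `path` to
 * pcap_open_offline(): reject a NULL/empty name instead of dereferencing it,
 * then confirm the file opens and starts with a pcap magic number. */
enum cap_status check_capture_path(const char *path)
{
    uint32_t magic = 0;
    size_t got;
    FILE *fp;
    if (path == NULL || path[0] == '\0')
        return CAP_NO_PATH;
    fp = fopen(path, "rb");
    if (fp == NULL)
        return CAP_OPEN_FAILED;
    got = fread(&magic, 1, sizeof magic, fp);
    fclose(fp);
    if (got != sizeof magic)
        return CAP_TOO_SHORT;
    return is_pcap_magic(magic) ? CAP_OK : CAP_BAD_MAGIC;
}

/* Writes `len` constructed bytes to `path`; returns 0 on success. */
int write_sample(const char *path, const unsigned char *bytes, size_t len)
{
    FILE *fp = fopen(path, "wb");
    size_t put = fp ? fwrite(bytes, 1, len, fp) : 0;
    return (fp && fclose(fp) == 0 && put == len) ? 0 : -1;
}

/* Constructed sample: little-endian pcap global header, snaplen 144, Ethernet. */
const unsigned char SAMPLE_HDR[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0,
    0, 0, 0, 0, 0x90, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };

int main(void)
{
    const char *p = "/tmp/sample_hdr.pcap"; /* constructed path */
    printf("NULL name -> %d\n", check_capture_path(NULL));
    if (write_sample(p, SAMPLE_HDR, sizeof SAMPLE_HDR) == 0)
        printf("%s -> %d\n", p, check_capture_path(p));
    return 0;
}
```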