[Snort-devel] core dump debuggers dream

Chris Green cmg at ...81...
Mon Jul 30 16:42:42 EDT 2001


Phil Wood <cpw at ...86...> writes:

> Well almost,
> 
> I have a 1 packet pcap file that when processed by snort with "output database",
> will core dump on Version 1.8.1-beta5 (Build 59).
> 
> Comment out the output plugin and no core dump.
> 
> Works with just 1 rule in the configuration, and 1 packet in the pcapfile.
> 
> Here is the packet.  Anyone want to find a packet generator and create this?
> I've got an incompatible pcap lib (except maybe the redhat distributions
> can read it?)

brand new pcaps are supposed to be able to read it ( atleast from the
changelog ) as well as editcap from ethereal.

ftp://ftp.cs.rpi.edu/.2/FreeBSD/ports/distfiles/tcpreplay-1.0.1.tar.gz
will work.

anzen's stuff seems to have been yanked as they are now a part of nfr.
-- 
Chris Green <cmg at ...81...>
You now have 14 minutes to reach minimum safe distance.




More information about the Snort-devel mailing list