[Snort-devel] core dump debuggers dream

Phil Wood cpw at ...86...
Mon Jul 30 17:41:59 EDT 2001


I've attached my pcap file.  Anyone want to try for a core dump?

On Mon, Jul 30, 2001 at 03:42:42PM -0500, Chris Green wrote:
> Phil Wood <cpw at ...86...> writes:
> 
> > Well almost,
> > 
> > I have a 1 packet pcap file that when processed by snort with "output database",
> > will core dump on Version 1.8.1-beta5 (Build 59).
> > 
> > Comment out the output plugin and no core dump.
> > 
> > Works with just 1 rule in the configuration, and 1 packet in the pcapfile.
> > 
> > Here is the packet.  Anyone want to find a packet generator and create this?
> > I've got an incompatible pcap lib (except maybe the redhat distributions
> > can read it?)
> 
> brand new pcaps are supposed to be able to read it (at least from the
> changelog) as well as editcap from ethereal.
> 
> ftp://ftp.cs.rpi.edu/.2/FreeBSD/ports/distfiles/tcpreplay-1.0.1.tar.gz
> will work.
> 
> anzen's stuff seems to have been yanked as they are now a part of nfr.
> -- 
> Chris Green <cmg at ...81...>
> You now have 14 minutes to reach minimum safe distance.

-- 
Phil Wood, cpw at ...86...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: just-one
Type: application/octet-stream
Size: 112 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20010730/ee337041/attachment.obj>

