[Snort-devel] Snort 1.9 core dump

James Hoagland jim at ...60...
Thu Jan 16 13:53:01 EST 2003


>Command line:
>      /cust/src/snort-stable/src/snort -c 
>/cust/src/snort-stable/etc/xx-snort.conf -i ge0 -dvD -l 
>/export-1/log/snort/xx host xx.xx.2.131 or host      xx.xx.2.132 or 
>host xx.xx.2.133 or host xx.xx.2.134 or host xx.xx.2.135 or host 
>xx.xx.2.136 or host xx.x.2.137 or host xx.xx.2.138 or   host 
>xx.xx.2.139 or host xx.xx.2.140 or host xx.xx.2.141 or host 
>xx.xx.2.142
>
>The reason for the massive host list is that pcap puked on a /28 
>cidr block with the following error:
>
>ERROR: OpenPcap() FSM compilation failed:
>        non-network bits set in "xx.xx.2.131/28"
>PCAP command: net xx.xx.2.131/28
>Fatal Error, Quitting..

FYI, xx.xx.2.131/28 is not equivalent to your IP list above.  The 
canonical form of xx.xx.2.131/28 is xx.xx.2.128/28, which is why Pcap 
complained (it is insisting on the canonical form).  In any case 
xx.xx.2.128/28 is equivalent to xx.xx.2.128 - xx.xx.2.143.  The 
simplest way to precisely express your hosts above in CIDR is 
xx.xx.2.132/30, xx.xx.2.136/30, xx.xx.2.40/31, xx.xx.2.141

Hope this helps in some way,

   Jim
-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...60..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|




More information about the Snort-devel mailing list