[Snort-devel] Segmentation fault

GUILLON Gabriel gabriel.guillon at ...1789...
Fri Jan 24 06:37:18 EST 2003


archi:x86 (P200)
Linux 2.2.23 with ow1 patch
Snort 1.9.0
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor asn1_decode
preprocessor portscan2: scanners_max 3200, targets_max 5000,
target_limit 5, port_limit 20, timeout 60, log /var/log/scan.log
output xml: log, file=/var/log/snortxml

include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules

include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules

include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules

include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop3.rules

include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/local.rules

Notice: 10.0.0.5 is a Cipe address.
It was working fine till I made /var/log a ramdisk directory (that's why
I log to /var/snort and to syslog).
Note that the following debug output is not 'fixed', that is, the segmentation
fault sometimes occurs 1 sec after running snort, sometimes 3 sec, or 1/2
sec...


export SNORT_DEBUG=-1
snort -i eth1 -l /var/snort/ -u nobody -s 10.0.0.5 produces:

plugbase.c:641: Registering keyword:output => alert_syslog:0x8062670
spo_alert_syslog.c:101: Output plugin: Alert-Syslog is setup...
plugbase.c:641: Registering keyword:output => log_tcpdump:0x8065e60
spo_log_tcpdump.c:110: Output plugin: Log-Tcpdump is setup...
plugbase.c:641: Registering keyword:output => database:0x8063d00
spo_database.c:271: database(debug): database plugin is registered...
plugbase.c:641: Registering keyword:output => xml:0x8066310
spo_xml.c:355: xml_plugin: : Output plugin: xml is registered
plugbase.c:641: Registering keyword:output => alert_fast:0x8061d00
spo_alert_fast.c:95: Output plugin: AlertFast is setup...
plugbase.c:641: Registering keyword:output => alert_full:0x80621b0
spo_alert_full.c:89: Output plugin: AlertFull is setup...
plugbase.c:641: Registering keyword:output => alert_unixsock:0x8062ed0
spo_alert_unixsock.c:131: Output plugin: AlertUnixSock is setup...
plugbase.c:641: Registering keyword:output => alert_CSV:0x8063240
spo_csv.c:111: Output plugin: alert_CSV is setup...
plugbase.c:641: Registering keyword:output => log_null:0x8065da0
spo_log_null.c:66: Output plugin: LogNull is setup...
plugbase.c:641: Registering keyword:output => log_unified:0x80698e8
plugbase.c:641: Registering keyword:output => alert_unified:0x80696a0
plugbase.c:641: Registering keyword:output => unified:0x8068b4c
spo_unified.c:209: Output plugin: Unified logging/alerting is setup...
plugbase.c:641: Registering keyword:output => log_ascii:0x8069e20
spo_log_ascii.c:94: Output: LogAscii is setup
snort.c:728: Parsing command line...
snort.c:749: Processing cmd line switch: i
snort.c:945: Interface = eth1
snort.c:749: Processing cmd line switch: l
snort.c:749: Processing cmd line switch: u
snort.c:1231: UserID: 65534 GroupID: 65534
snort.c:749: Processing cmd line switch: s
snort.c:1141: Logging alerts to syslog
snort.c:1334: pcap_cmd is NULL
snort.c:227: Opening interface: eth1
snort.c:1748: snaplength info: set=1514/compiled=1514/wanted=0
snort.c:351: Setting Packet Processor
util.c:727: Set gid to 65534
util.c:741: Set gid to 65534
spo_alert_syslog.c:119: Output: Alert-Syslog Initialized
mstring.c:119: [*] Splitting string: LOG_PID LOG_NDELAY LOG_NOWAIT LOG_AUTH
mstring.c:119: curr_str = 0
mstring.c:148: max_strs = 30  curr_str = 0
mstring.c:167: Allocating 8 bytes for token mstring.c:182: tok[0]: LOG_PID
mstring.c:191: curr_str = 1
mstring.c:191: max_strs = 30  curr_str = 1
mstring.c:199: Checking if curr_str (1) >= max_strs (30)
mstring.c:167: Allocating 11 bytes for token mstring.c:182: tok[1]: LOG_NDELAY
mstring.c:191: curr_str = 2
mstring.c:191: max_strs = 30  curr_str = 2
mstring.c:199: Checking if curr_str (2) >= max_strs (30)
mstring.c:167: Allocating 11 bytes for token mstring.c:182: tok[2]: LOG_NOWAIT
mstring.c:191: curr_str = 3
mstring.c:191: max_strs = 30  curr_str = 3
mstring.c:199: Checking if curr_str (3) >= max_strs (30)
mstring.c:270: Allocating 9 bytes for last token mstring.c:280: tok[3]: LOG_AUTH
mstring.c:285: mSplit got 4 tokens!
spo_alert_syslog.c:128: Linking syslog alert function to call list...
spo_log_ascii.c:99: Output: Ascii logging initialized
snort.c:495: Entering pcap loop
decode.c:74: Packet!
decode.c:74: caplen: 106    pktlen: 106
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 92 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 72
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 106    pktlen: 106
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 92 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 72
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 54    pktlen: 54
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 40 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 106    pktlen: 106
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 92 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 72
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 106    pktlen: 106
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 92 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 72
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 60    pktlen: 60
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 46 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 60    pktlen: 60
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 46 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 54    pktlen: 54
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 40 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 54    pktlen: 54
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 40 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 54    pktlen: 54
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 40 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 62    pktlen: 62
decode.c:93: 0   1
decode.c:108: IP datagram size calculated to be 48 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.64.2
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.64.2/UDP:1985-1985
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 54    pktlen: 54
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 40 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55391-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 106    pktlen: 106
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 92 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 72
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55377-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 62    pktlen: 62
decode.c:93: 0   1
decode.c:108: IP datagram size calculated to be 48 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.64.3
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.64.3/UDP:1985-1985
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 90    pktlen: 90
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 76 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 56
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55377-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 54    pktlen: 54
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 40 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 5, passed len is 20
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.128
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.128/TCP:55377-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 114    pktlen: 114
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 100 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 80
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.131
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.131/TCP:37253-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.131
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.131/TCP:37253-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 84    pktlen: 84
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 70 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/UDP:1029-53
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 62    pktlen: 62
decode.c:93: 0   1
decode.c:108: IP datagram size calculated to be 48 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.64.2
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.64.2/UDP:1985-1985
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 191    pktlen: 191
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 177 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/UDP:1029-53
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 74    pktlen: 74
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 60 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 10, passed len is 40
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 20 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 74    pktlen: 74
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 60 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 10, passed len is 40
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 20 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 437    pktlen: 437
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 423 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 403
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 78    pktlen: 78
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 64 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 11, passed len is 44
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 24 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 364    pktlen: 364
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 350 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 330
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 114    pktlen: 114
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 100 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 80
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.131
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.131/TCP:37253-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 52   0
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.131
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.131/TCP:37253-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 66    pktlen: 66
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 52 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 32
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.66.249
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.66.249/TCP:3568-80
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6
decode.c:74: Packet!
decode.c:74: caplen: 62    pktlen: 62
decode.c:93: 0   1
decode.c:108: IP datagram size calculated to be 48 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.64.3
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.64.3/UDP:1985-1985
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 62    pktlen: 62
decode.c:93: 0   1
decode.c:108: IP datagram size calculated to be 48 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.64.2
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.64.2/UDP:1985-1985
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 62    pktlen: 62
decode.c:93: 0   1
decode.c:108: IP datagram size calculated to be 48 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1986: UDP Checksum: OK
decode.c:1990: UDP header starts at: 0x81744c2
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//81.67.64.3
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//81.67.64.3/UDP:1985-1985
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 17
decode.c:74: Packet!
decode.c:74: caplen: 98    pktlen: 98
decode.c:93: 0   52
decode.c:108: IP datagram size calculated to be 84 bytes
decode.c:1412: Packet!
decode.c:1550: IP Checksum: OK
decode.c:1599: IP header length: 20
decode.c:1829: TCP th_off is 8, passed len is 64
decode.c:1878: TCP Checksum: OK
decode.c:1882: tcp header starts at: 0x81744c2
decode.c:1890: 12 bytes of tcp options....
spo_log_ascii.c:113: LogPkt started
spo_log_ascii.c:262: Creating directory: /var/snort//194.2.40.131
spo_log_ascii.c:275: Directory Created!
spo_log_ascii.c:330: Opening file: /var/snort//194.2.40.131/TCP:37253-119
spo_log_ascii.c:339: File opened...
log.c:337: PrintIPPkt type = 6


Then Segmentation Fault...

Hope this helps

-- 

Gabriel Guillon, CS SI




