[Snort-devel] Re: Segmentation fault - SORTED MY END - BUT STILL BUG?
T.M.Hesketh-roberts at ...1826...
Mon Mar 3 06:03:04 EST 2003
I deserve I real telling off here. Can't
believe I was so silly as to not notice I
missed off the -c option. Including this
prevented the segmentation fault (as detailed
in copy of email below).
However, the previous (below email) may still
be warranted as a bug, since should it throw
up a segmentation fault if you don't specify
a config file??
NB: Hadn't changed any configuration of snort
after installation (obviously just ran
./configure before making).
On Sat, 1 Mar 2003, Thoplaop wrote:
> System Architecture (Sparc, x86, etc)
> x86 - AMD 500MHz
> Operating System and version (Linux 2.0.22, IRIX 5.3, etc)
> Linux Kernel 2.4.19
> (It's Mandrake 9.0, which means it has GCC 3.2)
> Version of Snort
> Snort Version 1.8.3
> What preprocessors you loaded
> Just as in your own snort.conf file downloaded from
> your website (see next answer for URL). I did not
> edit the snort.conf at all, the preprocessor statements
> were thus as follows:
> preprocessor frag2
> preprocessor stream4: detect_scans, disable_evasion_alerts
> preprocessor stream4_reassemble
> preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
> iis_flip_slash full_whitespace
> preprocessor rpc_decode: 111 32771
> preprocessor bo: -nobrute
> preprocessor telnet_decode
> preprocessor conversation: allowed_ip_protocols all, timeout 60,
> max_conversations 32000
> preprocessor portscan2: scanners_max 3200, targets_max 5000,
> target_limit 5, port_limit 20, timeout 60
> What rules (if any) you were using
> As downloaded from your own website at
> and simply referred to the snort.conf file included
> in snortrules.tar.gz in order to use rules. The
> snort.conf file was simply referred to on command-line
> as shown below.
> What output plug-ins you loaded
> None unless any loaded in snort.conf
> What command line switches you were using
> snort -devr /home/thop/mit_training_week1/monday/tcpdump -h
> 192.168.1.0/24 -l /home/thop/snort/mitlog1_asc/
> (NB: "mit_training_week1/" dir. is extracted directly from
> Any Snort error messages
> Output copied and pasted as follows:
> Initializing Output Plugins!
> Log directory = /home/thop/snort/mitlog1_asc/
> TCPDUMP file reading mode.
> Reading network traffic from
> "/home/thop/mit_training_week1/monday/tcpdump" file.
> snaplen = 66000
> --== Initializing Snort ==--
> --== Initialization Complete ==--
> -*> Snort! <*-
> Version 1.9.0 (Build 209)
> By Martin Roesch (roesch at ...402..., www.snort.org)
> Segmentation fault
> [root at ...1825... snort]#
> Any more information
> Please reply and I should get back to you quickly
> Spare time? Make good use of it...
> http://thop.co.uk/go - just click to donate free to good causes
> (sponsered by adverts)
> Michael Eisner, MD for Disney = $9,783/hour
> Haitian worker for Disney = 28 cents/hour
Spare time? Make good use of it...
http://thop.co.uk/go - just click to donate free to good causes
(sponsered by adverts)
Michael Eisner, MD for Disney = $9,783/hour
Haitian worker for Disney = 28 cents/hour
More information about the Snort-devel