[Snort-devel] snort Version 2.8.6.rc (Build 16), option -r large.pcap, ... Value too large for defined data type

Phil Wood cpw at ...86...
Tue Feb 23 14:37:36 EST 2010


Not a real big deal.  But ...

Error getting stat on pcap file: /data/1266949500.000024.pcap: Value too large for defined data type
ERROR: Error getting pcaps.
Fatal Error, Quitting..

# this file is 5 minutes worth of pcap
$ ls -l /data/1266949500.000024.pcap
-rw-rw-r-- 1 grok grok 10429540832 2010-02-23 11:30 /data/1266949500.000024.pcap

$ /etc/snort/snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.6.rc (Build 16)  
   ''''    By Martin Roesch & The Snort Team:
           Copyright (C) 1998-2010 Sourcefire, Inc., et al.
           Using PCRE version: 7.8 2008-09-05

Not a big deal, I can get around the problem by piping pcap files to
snort.  But, it seams reasonable to expect that snort could read large
files.  Maybe I just need to know the right configuration option when
building it, or there is an option I don't see off the bat, or there is
another release out!


C. Philip Wood, Int. D.
Senior Member of the Internet
Los Alamos National Laboratory
Key fingerprint: 2BB7 A990 44F5 EF4B 4E35  8635 1205 97D3 F6D8 7F39
E-mail: cpw at ...86..., cornett at ...388...
Phone: 505 667-2598
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20100223/83da1a5c/attachment.sig>

More information about the Snort-devel mailing list