[Snort-users] segmentation fault

Joanne Treurniet joanne_treurniet at ...125...
Wed Oct 11 14:18:38 EDT 2000


Hi,
I'm a new snort user.  I installed from source yesterday on a RedHat 6.2 
system running kernel 2.2.16-3.

I'm trying to run raw tcpdump data (collected hourly on Shadow) through 
snort for content alerts.  I've tried 4 different hours and I get an 
"Aborted" message after 4 to 8 seconds.  If I remove the traffic involving 
the offending packet (the one after the last packet shown), I get a 
segmentation fault after a seemingly random amount of time (~40min) instead.

For each hour, the offending packet has the common thread of a large ack # 
and that they involve port 80.

The tcpdump data was collected using RedHat's tcpdump3.4 rpm which came with 
the distribution.  Are there known problems with this?  I know that the 
output format is different, but I didn't think the raw packets would differ.

If anyone can think of anything I could try, I'd appreciate the help.
Thanks,
Joanne
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.




More information about the Snort-users mailing list