[Snort-users] segmentation fault

Martin Roesch roesch at ...421...
Wed Oct 11 17:54:36 EDT 2000


Hi Joanne,
     What version of Snort are you using?

     -Marty

Joanne Treurniet wrote:
> 
> Hi,
> I'm a new snort user.  I installed from source yesterday on a RedHat 6.2
> system running kernel 2.2.16-3.
> 
> I'm trying to run raw tcpdump data (collected hourly on Shadow) through
> snort for content alerts.  I've tried 4 different hours and I get an
> "Aborted" message after 4 to 8 seconds.  If I remove the traffic involving
> the offending packet (the one after the last packet shown), I get a
> segmentation fault after a seemingly random amount of time (~40min) instead.
> 
> For each hour, the offending packet has the common thread of a large ack #
> and that they involve port 80.
> 
> The tcpdump data was collected using RedHat's tcpdump3.4 rpm which came with
> the distribution.  Are there known problems with this?  I know that the
> output format is different, but I didn't think the raw packets would differ.
> 
> If anyone can think of anything I could try, I'd appreciate the help.
> Thanks,
> Joanne
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> 
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list