[Snort-users] SRC and DEST ip-address

Geoff the UNIX guy galitz at ...247...
Mon Jan 22 19:01:14 EST 2001


The following tidbit may be of some interest:


quoted message:
--------------------------------------------------------------------------------
Date: Mon, 07 Aug 2000 11:58:45 +0200
 From: Alexis Cousein [al at ...1194...]
 Newsgroups: comp.sys.sgi.admin
 Subject: Re: gcc 2.95.2 on Irix 6.5.8

 jthornton at ...479... wrote:
 >
 > Even if you are able to compile SSH with gcc 2.95.2, you will soon hit
 > another snag.
 >
 > The gcc libraries that convert internet addresses are broken. This
 > effects Apache and SSH.

 That is incorrect. The problem is that these installations rely on the
 standard libc() routines, and there's a bug in the N32 implementation of
 the MIPS ABI by gcc -- so the bug is that there aren't "gcc libraries"
 (as libraries compiled with gcc are interoperable with gcc binaries in
 this respect -- they both implement the same ABI conventions, albeit not
 the official MIPS N32 ABI conventions).

 There are several workarounds -- do an archive search on i n e t _ n t o
 a to find some pointers.

 [BTW, the reason that gcc 2.7.2 doesn't encounter this problem is simply
 that it uses an different, older O32 ABI]

----------------------------------------------------------
end quoted message


I have run into this from to time to time, always with gcc.
If you do have the native IRIX compiler handy, I would suggest
using that.  If not, try using an older version of gcc just to 
see if it corrects the problem.

-geoff





On Mon, 22 Jan 2001, Henning Bo Andersen wrote:

> Hi
> 
> I just compiled snort on my SGI today and snort seems to work besides
> that the source and destination addresses always are 255.255.255.255
> the ethers are diffrent
> 
> snort -v -e
> 01/22-22:33:21.131396 8:0:20:19:52:A6 -> 8:0:69:5:22:48 type:0x800
> len:0x3C
> 255.255.255.255:32805 -> 255.255.255.255:23 TCP TTL:255 TOS:0x0 ID:45085
> IpLen:20 DgmLen:40 DF
> ***A**** Seq: 0x6F1E7B0D  Ack: 0x79F4AA7C  Win: 0x2238  TcpLen: 20
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> 01/22-22:33:21.131549 8:0:69:5:22:48 -> 8:0:20:19:52:A6 type:0x800
> len:0x5E
> 255.255.255.255:23 -> 255.255.255.255:32805 TCP TTL:60 TOS:0x10 ID:11346
> IpLen:20 DgmLen:80 DF
> ***AP*** Seq: 0x79F4AA7C  Ack: 0x6F1E7B0D  Win: 0xC000  TcpLen: 20
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> 01/22-22:33:21.163906 0:90:AB:81:80:0 -> 8:0:69:5:22:48 type:0x800
> len:0x42
> 0.0.0.0:1492 -> 255.255.255.255:80 TCP TTL:107 TOS:0x1 ID:11546 IpLen:20
> DgmLen:52 DF
> ***A**** Seq: 0x3F9172  Ack: 0x69B5AA69  Win: 0x1F74  TcpLen: 32
> TCP Options (3) => NOP NOP TS: 40141 5765135
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> and so on
> 
> what am i missing ?
> 
> I have installed libpcap-0.6.1 (first i had 0.4 byt same result)
> 
> /Henning
> --
> Henning Bo Andersen     Department of Information and Media science
> Systemadministrator        Niels Juelsgade 84, DK-8200 �rhus N
> 
> Phone: +45 89 42 19 62   GSM:  +45 23 38 23 62
> Fax:   +45 89 42 19 52     URL: http://imv.au.dk/~hba
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 

---------------------------------------------------
Geoff Galitz, galitz at ...247...
Research Computing
College of Chemistry, UC Berkeley
---------------------------------------------------
     The laws of physics can be a harsh mistress...
        - Bender






More information about the Snort-users mailing list