[Snort-users] HELP PLS!! #Snort received signal 3, exiting

John Sage jsage at ...2022...
Thu Sep 13 21:39:02 EDT 2001


IANAG (I Am Not A Guru), but:

You're telling it to read a file but not telling it to output anything.

Try something like:

snort -dv -r [your_file_name_here]

- John

-- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."



rick wrote:

> Hi Gurus,
> 
> I just installed Snort 1.81 (Version 1.8.1-RELEASE (Build 74)) a couple of days ago,
> I used it to analyze the data I collected from tcpdump (sniffing @0.0.0.0)
> 
> I also downloaded the latest ruleset from Sourcefire. Since I am just testing
> this product, and my tcpdump -w output is very small, I just used the
> default ruleset from snort, at the end of snort.conf:
> 
> include sql.rules
> include x11.rules
> include icmp.rules
> include shellcode.rules
> include misc.rules
> include policy.rules
> include info.rules
> include icmp-info.rules
> include virus.rules
> include local.rules
> 
> However, every time I use snort -r to read the tcpdump -w output, I get
> #snort received signal 3, exiting ALL THE TIME.. so I can't tell the
> integrity of the output.
> 
> I am running snort on Solaris7sparc(64bit) 300Mhz, 4Gb, 128Mb , and that sun
> box is not running anything else except snort...I can't see what's wrong..
> 
> Here's the actual output.. Any help is appreciated!!!!  thx in advance
> 
> **************************************************************************
> 
>   --== Initializing Snort ==--
> TCPDUMP file reading mode.
> Reading network traffic from "/usr/tcp/tcpdump20010910" file.
> snaplen = 68
> Initializing Preprocessors!
> Initializing Plug-ins!
> Initializating Output Plugins!
> Parsing Rules file snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
> Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Scan alerts: ACTIVE
> No arguments to stream4_reassemble, setting defaults:
>      Reassemble client: ACTIVE
>      Reassemble server: INACTIVE
>      Reassemble ports: 21 23 25 53 80 143 110 111 513
>      Reassembly alerts: ACTIVE
> Back Orifice detection brute force: DISABLED
> Using LOCAL time
> 1150 Snort rules read...
> 1150 Option Chains linked into 151 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Rule application order: ->activation->dynamic->alert->pass->log
> 
>         --== Initialization Complete ==--
> 
> -*> Snort! <*-
> Version 1.8.1-RELEASE (Build 74)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> 
> 
> ===============================================================================
> 
> Snort processed 459277 packets.
> Breakdown by protocol:                Action Stats:
> 
>     TCP: 206104     (44.876%)         ALERTS: 1027
>     UDP: 177782     (38.709%)         LOGGED: 101
>    ICMP: 92         (0.020%)          PASSED: 0
>     ARP: 12389      (2.698%)
>    IPv6: 0          (0.000%)
>     IPX: 0          (0.000%)
>   OTHER: 62815      (13.677%)
> ===========================================
> Fragmentation Stats:
> Fragmented IP Packets: 95         (0.021%)
>    Rebuilt IP Packets: 0
>    Frag elements used: 0
> Discarded(incomplete): 0
>    Discarded(timeout): 32
> ============================================
> 
> TCP Stream Reassembly Stats:
>    TCP Packets Used:      101571     (22.115%)
>    Reconstructed Packets: 0          (0.000%)
>    Streams Reconstructed: 6865
> =============================================
> 
> Snort received signal 3, exiting
> 
> ***********************************************************************
> 
> thx , rick
> 
> 
> 
> 
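An added example, not part of either message and not Snort's own code: a small Python parser for the end-of-run statistics block quoted above. It pulls out the packet, alert and log counters and checks whether the per-protocol counts account for the packet total. The sample text is copied from the quoted output; counting fragmented packets separately from the protocol breakdown is an assumption drawn from these numbers, not documented Snort behaviour, and the function names are hypothetical.

```python
import re

# Constructed sample: summary lines copied from the output quoted in the post,
# with the "> " mail quoting left on two lines to show it is tolerated.
SAMPLE = """\
Snort processed 459277 packets.
> Breakdown by protocol:                Action Stats:
>     TCP: 206104     (44.876%)         ALERTS: 1027
    UDP: 177782     (38.709%)         LOGGED: 101
   ICMP: 92         (0.020%)          PASSED: 0
    ARP: 12389      (2.698%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 62815      (13.677%)
Fragmented IP Packets: 95         (0.021%)
TCP Stream Reassembly Stats:
   TCP Packets Used:      101571     (22.115%)
Snort received signal 3, exiting
"""

PROTOCOLS = ("TCP", "UDP", "ICMP", "ARP", "IPv6", "IPX", "OTHER")
ACTIONS = ("ALERTS", "LOGGED", "PASSED")


def parse_summary(text):
    """Extract the counters from a Snort 1.8-style exit summary."""
    total = re.search(r"Snort processed (\d+) packets", text)
    if total is None:
        raise ValueError("summary missing or truncated: no packet total found")
    stats = {"total": int(total.group(1)), "protocols": {}, "actions": {}}
    for name in PROTOCOLS:
        # Anchor at line start so "TCP Packets Used:" is not taken for "TCP:".
        m = re.search(r"^[>\s]*%s:\s+(\d+)" % re.escape(name), text, re.M)
        if m:
            stats["protocols"][name] = int(m.group(1))
    for name in ACTIONS:
        m = re.search(r"\b%s:\s+(\d+)" % name, text)
        if m:
            stats["actions"][name] = int(m.group(1))
    frag = re.search(r"Fragmented IP Packets:\s+(\d+)", text)
    stats["fragments"] = int(frag.group(1)) if frag else 0
    return stats


def unaccounted(stats):
    """Packets that neither a protocol line nor the fragment counter explains
    (assumes fragments are counted outside the protocol breakdown)."""
    return stats["total"] - sum(stats["protocols"].values()) - stats["fragments"]


if __name__ == "__main__":
    s = parse_summary(SAMPLE)
    print(s["actions"], "unaccounted packets:", unaccounted(s))
```
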