[Snort-users] snort 1.8.4b1 dumping core

Martin Roesch roesch at ...1935...
Sun Feb 3 06:42:13 EST 2002


Ok, remove the square brackets around your HOME_NET var, they're
unnecessary.  Other than that I'm not sure why this would be crashing from
the info I'm seeing.  What type of network are you running on (ethernet,
t/r, fddi, etc)?


     -Marty

On 2/3/02 2:04 AM, "Kris Kennaway" <kris at ...1402...> wrote:

> On Sat, Feb 02, 2002 at 10:11:33PM -0500, Martin Roesch wrote:
>> Any error messages?  Does it run for a while and core or right at
>> startup?  How have you set your HOME_NET and EXTERNAL_NET?
> 
> I've been corresponding with Fyodor a bit about this: I sent him the
> following gdb backtrace.
> 
> (gdb) bt
> #0  0x280bab5f in ?? ()
> #1  0x280ba7bb in ?? ()
> #2  0x804c121 in InterfaceThread (arg=0x80bb000) at snort.c:1675
> #3  0x804a841 in main (argc=50652, argv=0xfe8f7d04) at snort.c:478
> 
> (gdb) list 1675
> 1670        {
> 1671            LogMessage("Snort initialization completed successfully, Snort
> running");
> 1672        }
> 1673
> 1674        /* Read all packets on the device.  Continue until cnt packets
> read */
> 1675        if(pcap_loop(pds[myint], pv.pkt_cnt, (pcap_handler) ProcessPacket,
> NULL) < 0)
> 1676        {
> 1677            if(pv.daemon_flag)
> 1678                syslog(LOG_CONS | LOG_DAEMON, "pcap_loop: %s",
> pcap_geterr(pd));
> 1679            else
> 
> (gdb) print myint
> $3 = 671896152
> 
> The only bits of the snort.conf I've changed relative to the latest
> ruleset from CVS is this:
> 
> var HOME_NET [64.165.226.47/32]
> var EXTERNAL_NET !$HOME_NET
> 
> I have four coredumps, all in the same line of code, all of which
> occurred while downloading the same set of files via FTP.
> 
> Kris
> 
> 

-- 
Martin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list