[Snort-users] setsockopt: Bad file descriptor

Ernie Dipko edipko at ...4437...
Wed Jan 2 08:30:02 EST 2002


Hi all...Happy new year...
 
I am having a problem issuing the following command:
 
snort -N -A none -p -T -r /usr/local/demarc/cgi/stub_traffic_file -l
/usr/local/demarc/tmp -c /usr/local/demark/tmp/snort.conf 2>&1
 
The command replies with:
            
TCPDUMP file reading mode.
Reading network traffic file from "/usr/local/demark/cgi/stub_traffic_file"
file.
Snaplen = 96
Setsockopt: Bad file descriptor
 
 
Can anyone help?
 
I am on RedHat Linux 7.1, (2.4.9-12 kernel), libpcap-0.6.2, snort 1.8.3
(Build 88)
Thanks 
Ernie
 
 
I don't think it matters, but here is the snort.conf file I was using:
 
# NOTE:
# This snort.conf file has been automatically generated for you
# in order to quickly bring a new snort/DEMARC sensor online.
# This is BY NO MEANS a list of all options availible to you
# from a properly optimized snort.conf file.
#
# Once your sensor is online, and you are able to control it from
# the DEMARC web interface, please go to http://snort.sourcefire.com/
# to download the sample snort.conf file which you can then customize
# to fit the needs of your network.
 
 
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
 
preprocessor defrag
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
preprocessor unidecode: 80
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: 10.10.1.1 10.10.1.116
output database: log, mysql, user=snort dbname=snort password={my password}
host=127.0.0.1 sensor_name=netsniffer1
 
 
#BEGIN RULES:
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020102/2d90a901/attachment.html>


More information about the Snort-users mailing list