[Snort-users] Segfault on fun funy rule
Jason Monroe "JC"
monroe at ...5738...
Wed Feb 25 20:36:05 EST 2004
Downloaded 2.1.1 built it against Fedora Core 1
[root at ...11312... root]# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit
Thread model: posix
gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1)
Have rule in local.rules that causes breakage
alert tcp any any -> any any (msg:"Telnet login as
I mistakenly typed a ":" instead of "," between the flow statement
When I correct the rule snort is able to init correctly :)
(the glass is half full)
[root at ...11312... root]# /opt/snort/bin/snort -T -v -c /etc/snort/snort.conf
.... sparing details
Ports to decode telnet on: 21 23 25 119
I looked at the FAQ said DO GDB so here it is
[root at ...11312... root]# gdb snort
GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run snort -T -v -c /etc/snort/snort.conf
Starting program: /opt/snort/bin/snort snort -T -v -c
Running in IDS mode
Log directory = /var/log/snort
Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
PCAP command: snort
Fatal Error, Quitting..
Program exited with code 01.
More information about the Snort-users