[Snort-users] Corrupted Frame and Exit

Matthew Babcock MBabcock at ...14532...
Tue Mar 17 13:43:27 EDT 2009


Thank you, I was wondering if I sent that email. Your problem should be
with the libcap version you are on. Look into your options for a newer
one.

What version do you have installed? I use ADM64 as well with the new
stable version Lenny.. I am guessing your using testing or unstable. Can
you post a couple lines from etc/apt/sources.list ?

I have...
 sudo dpkg -l |grep ii |grep libpcap
ii  libpcap0.8                          0.9.8-5                    system
interface for user-level packet captu

and I have never seen that error. Let me know if you want to check other
version of other things, I stopped following the thread not sure what else
was discussed...

-----------
You might be able to do this... assuming your version is broken and you
need an old stable version...
sudo aptitude purge libpcap(everything) && sudo aptitude clean && sudo vim
/etc/apt/sources.list change everything to lenny (I use the replace
function).
Then do sudo aptitude update && sudo aptitude install libpcap0.8 (and
everything that was removed when you purged libpcap a minute ago)


Regards,
-- Matthew R. Babcock
CEO, Principal Consultant
A & R Technology Consulting - Providing solutions, not limitations -
MBabcock at ...14532...
(508) 397-8280

> --- Original Message
> From: Nathaniel Richmond <nate+snort at ...14258...>
> Sent: Monday, March 16, 2009, at 05:06AM PDT (GMT -0700)
>
> NR> If the error is about the libpcap headers, you may not have the
> NR> libpcap-dev package installed. It might help to paste the exact
> NR> error for the list.
>
> I did/do have libpcap-dev installed.
>
> Here is the error again:
> rockenfield:~# tcpdump -vv -i eth3
> tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 96
> bytes
> 09:22:26.123716 Broadcast Unknown SSAP 0xe6 > 00:00:00:00:00:00 (oui
> Ethernet) NetBeui Information, send seq 33, rcv seq 46, Flags [Final],
> length 4294967282
> tcpdump: pcap_loop: corrupted frame on kernel ring mac offset 94 + caplen
> 428 > frame len 160
> 26 packets captured
> 27 packets received by filter
> 0 packets dropped by kernel
>
> If there is more information you'd like, let me know and I'll gladly post
> it.
>
> It looks like this is my problem, which was kindly posted by Matthew
> Babcock:
> http://74.125.95.132/search?q=cache:y-f7nqzgi-cJ:help.lockergnome.com/linux/Bug-517098-libpap-1_i386-broken-64-bit-kernel--ftopict493202.html+pcap_loop:+corrupted+frame+on+kernel+ring&hl=en&ct=clnk&cd=1&gl=us&ie=UTF-8
>
> I am running the amd64 version of the kernel.  I have tried to build
> libpcap on my own but I'm not the best builder and had some problems.  I
> will contact the Debian folks and see what's going on.
>
> Thanks,
> -MikeD
>
> ------------------------------------------------------------------------------
> Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
> powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
> easily build your RIAs with Flex Builder, the Eclipse(TM)based development
> software that enables intelligent coding and step-through debugging.
> Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>






More information about the Snort-users mailing list