OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [snort] Sig11 on B11.
From: Martin Roesch (roeschhiverworld.com)
Date: Tue Mar 07 2000 - 14:31:09 CST

Hmm, that's weird, it doesn't look like the decoders got called at all
according to that dump. WTF?

Can you do me a favor? Can you do a "print p->frag_flag" and a "print
do_detect" for me? Thanks!

     -Marty

"Scott A . McIntyre" wrote:
>
> Beta 11 dies pretty quickly for me:
>
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/libexec/ld.so...done.
> Reading symbols from /usr/lib/libpcap.so.0.0...done.
> Reading symbols from /usr/lib/libc.so.12.40...done.
> #0 0x0 in ?? ()
> (gdb) where
> #0 0x0 in ?? ()
> #1 0xa910 in EvalHeader (rtn_idx=0x34b00, p=0xefbfd2e4) at rules.c:2593
> #2 0xa8b5 in EvalPacket (List=0x170a0, mode=2, p=0xefbfd2e4) at
> rules.c:2513
> #3 0xa841 in Detect (p=0xefbfd2e4) at rules.c:2443
> #4 0xa77c in Preprocess (p=0xefbfd2e4) at rules.c:2348
> #5 0x1cf2 in ProcessPacket (user=0x0, pkthdr=0x31ee4, pkt=0x31ef6 "")
> at snort.c:334
> #6 0x40037d91 in pcap_read ()
> #7 0x4003828f in pcap_dispatch ()
> #8 0x400382c7 in pcap_loop ()
> #9 0x1b99 in main (argc=7, argv=0xefbfd7d0) at snort.c:260
>
> (NetBSD 1.4.1) 

-- 
Martin Roesch                      <roeschhiverworld.com>
Director of Forensic Systems     http://www.hiverworld.com
Hiverworld, Inc.               Enterprise Network Security
Network Forensics, Intrusion Detection and Risk Assessment