From: ±è¿µ¼ (youngsung.kimhynix.com)
Date: Fri May 03 2002 - 01:36:55 CDT

    I ran snort on OpenBSD-2.9-sparc. It compiled well with the included compiler.
    In sniffing mode and packet logger mode snort runs well.
    But in NID mode, it didn't run, and then snort.core was generated.
    (Ex: /usr/snort/bin/snort -dev -l ./log -c /usr/snort/rules/snort.conf)

    Here is the output from "gdb snort":
    -----------------------------------------------------------------------
    idshost# gdb snort
    GNU gdb 4.16.1
    Copyright 1996 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB. Type "show warranty" for details.
    This GDB was configured as "sparc-unknown-openbsd2.9"...
    (gdb) run -dev -l ./log -c /usr/snort/rules/snort.conf
    Starting program: /usr/snort/bin/snort -dev -l ./log -c /usr/snort/rules/snort.conf
    Log directory = ./log

    Initializing Network Interface hme0

            --== Initializing Snort ==--
    Decoding Ethernet on interface hme0
    Initializing Preprocessors!
    Initializing Plug-ins!
    Initializating Output Plugins!
    Parsing Rules file /usr/snort/rules/snort.conf

    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...
    No arguments to frag2 directive, setting defaults to:
        Fragment timeout: 60 seconds
        Fragment memory cap: 4194304 bytes
    Stream4 config:
        Stateful inspection: ACTIVE
        Session statistics: INACTIVE
        Session timeout: 30 seconds
        Session memory cap: 8388608 bytes
        State alerts: INACTIVE
        Scan alerts: ACTIVE
        Log Flushed Streams: INACTIVE

    Program received signal SIGBUS, Bus error.
    0x46d78 in InitStream4Pkt () at spp_stream4.c:2938
    2938 stream_pkt->iph->ip_ver = 0x4;
    -----------------------------------------------------------------------------

    How could I fix it? Can anyone help me? Thanks.
