[Snort-devel] BUG - Solaris + snort 2.0.1 in PrintTcpOptions

From: Bruno Saverio Delbono <bdelbono(at)leviathan.lucifer.at>
Date: Wed Jul 23 2003 - 19:57:13 EDT


BUG Report (2)

OS - Solaris 7 SunOS hell.lucifer.at 5.7 Generic_106541-08 sun4m sparc SUNW,SPARCstation-5

CC - cc: Sun C 5.5 2003/03/12 (Part of SunONE 8 Compiler collection)

BUG In - Reading of snort.log binary log files

Details:

hell.lucifer.at# dbx /usr/bin/snort
Reading snort
Reading ld.so.1
Reading libm.so.1
Reading libsocket.so.1
Reading libnsl.so.1
Reading libc.so.1
Reading libdl.so.1
Reading libmp.so.2

(dbx) run -dve -r snort.log.1058979504
Running: snort -dve -r snort.log.1058979504 (process id 2850)

    Reading nss_files.so.1
    Running in packet dump mode
    Log directory = /var/log/snort
    TCPDUMP file reading mode.
    Reading network traffic from "snort.log.1058979504" file.
    snaplen = 1514

--== Initializing Snort ==--
Initializing Output Plugins!

--== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1 (Build 88)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)

07/23-09:59:33.547274 0:0:77:98:8A:1B -> 8:0:20:20:FF:3D type:0x800 len:0x3C
24.84.17.78 -> 24.84.18.15 ICMP TTL:53 TOS:0x0 ID:37089 IpLen:20
DgmLen:28 DF Type:8  Code:0  ID:9126   Seq:0  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/23-09:59:33.580588 8:0:20:20:FF:3D -> 0:0:77:98:8A:1B type:0x800 len:0x2A
24.84.18.15 -> 24.84.17.78 ICMP TTL:255 TOS:0x0 ID:62780 IpLen:20
DgmLen:28 DF Type:0  Code:0  ID:9126   Seq:0  ECHO REPLY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/23-09:59:34.407405 0:0:77:98:8A:1B -> 8:0:20:20:FF:3D type:0x800 len:0x3E
24.84.17.78:53109 -> 24.84.18.15:161 TCP TTL:63 TOS:0x0 ID:37138 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6F09AE62 Ack: 0x0 Win: 0xC1E8 TcpLen: 28

signal BUS (invalid address alignment) in PrintTcpOptions at line 1547 in file "log.c"
 1547           fprintf(fp, "%u ", EXTRACT_16BITS(tmp));

(dbx) where
=>[1] PrintTcpOptions(fp = 0x228550, p = 0xeffff3e4), line 1547 in "log.c"
  [2] PrintTCPHeader(fp = 0x228550, p = 0xeffff3e4), line 986 in "log.c"
  [3] PrintIPPkt(fp = 0x228550, type = 6, p = 0xeffff3e4), line 364 in "log.c"
  [4] ProcessPacket(user = (nil), pkthdr = 0xeffff8d0, pkt = 0x2d7e42 "^H"), line 566 in "snort.c"
  [5] pcap_offline_read(0x2d4a60, 0xffffffff, 0x595d8, 0x0, 0x595d8, 0xeffff8d0), at 0xcafc8
  [6] pcap_loop(0x2d4a60, 0xffffffff, 0x595d8, 0x0, 0x0, 0x228570), at 0xc15c0
  [7] InterfaceThread(arg = (nil)), line 1525 in "snort.c"
  [8] SnortMain(argc = 4, argv = 0xeffffb14), line 537 in "snort.c"
  [9] main(argc = 4, argv = 0xeffffb14), line 165 in "snort.c"

Workaround: Currently none

Anyone, please help?

-- 
Bruno Saverio Delbono 
Systems Engineer - Open-Systems Group Inc.
http://www.open-systems.org/users/bruno/
GPG Fingerprint: 1AAC 0F81 54F6 C7AF 2EC4  8993 0594 88B3 E127 35C5


_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Received on Wed Jul 23 20:31:27 2003
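
An added example, not part of the original message and not Snort's own code: the trace above faults with "invalid address alignment" on `EXTRACT_16BITS(tmp)`, the usual symptom on SPARC of loading a 16-bit field through a pointer at an odd address. Assuming that is the cause (the macro's definition is not shown on the page), the C code below reads TCP option fields one byte at a time, which is valid at any address; `load_be16`, `tcp_opt_mss` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 16-bit value byte by byte. Valid at any address, unlike
 * *(const uint16_t *)p, which raises SIGBUS on strict-alignment CPUs. */
static uint16_t load_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Walk TCP options (kind, length, data) and return the MSS value,
 * or -1 if there is no MSS option or the option list is malformed. */
int tcp_opt_mss(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == 0) break;                 /* End of option list */
        if (kind == 1) { i++; continue; }     /* NOP is a single byte */
        if (i + 1 >= len) return -1;          /* no room for a length byte */
        uint8_t olen = opts[i + 1];
        if (olen < 2 || i + olen > len) return -1;  /* bad or truncated */
        if (kind == 2) {                      /* Maximum Segment Size */
            if (olen != 4) return -1;
            return load_be16(opts + i + 2);
        }
        i += olen;
    }
    return -1;
}

/* Constructed sample: NOP, MSS=1460, NOP, NOP, EOL. The union forces an
 * even base address, so the MSS value at offset 3 is misaligned. */
static const union { uint16_t align; uint8_t b[8]; } sample =
    { .b = { 1, 2, 4, 0x05, 0xB4, 1, 1, 0 } };

int main(void)
{
    printf("MSS: %d\n", tcp_opt_mss(sample.b, sizeof sample.b));
    return 0;
}
```

The length checks matter as much as the byte-wise load: options come straight from the capture file, so a declared length that runs past the header has to be rejected before any field is read.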

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT

