This is a discussion on Re: [Snort-users] Problems with Snort on SuSE Linux 9.1 (Kernel 2.6) within the Snort forums, part of the System Security and Security Related category.
Tom,

There was a thread started by someone on the SuSE-security mailing list that no one provided a response to.

http://lists.suse.com/archive/suse-security/2004-May/0143.html

I was wondering if someone on the snort-users list knew of a bug in 2.1.1 Snort that prevented it from working on a 2.6 kernel or SuSE 9.1.

The biggest question to our engineers so far is whether it's a bug in Snort or pcap.

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, Inc.
http://www.appliedwatch.com

----- Original Message -----
From: Tom Fulton
To: 'Eric Hines' ; snort-users@lists.sourceforge.net
Sent: Thursday, June 10, 2004 6:42 PM
Subject: RE: [Snort-users] Problems with Snort on SuSE Linux 9.1 (Kernel 2.6)

Let me see if I can find anything out on this on the internal websites. I'm not currently running this combination.

Tom Fulton, CISSP
Sr. Systems Engineer
Novell/SuSE Linux
San Jose, CA
Mobile: 408-802-0948 (Primary)

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Eric Hines
Sent: Thursday, June 10, 2004 5:28 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Problems with Snort on SuSE Linux 9.1 (Kernel 2.6)

All,

We are having customers reporting Snort 2.1.1 not working on SuSE Linux 9.1. When trying to start Snort, they report a Fatal Error message from pcap.

Is anyone aware of a bugfix that may have been made in 2.1.1 -> 2.1.3? Or has anyone on this list seen the same problems when using SuSE 9.1, kernel 2.6 and Snort?

Is it a problem introduced with the 2.6 kernel in Snort or is it pcap?

Thanks,

Eric Hines
CEO, President
Applied Watch Technologies, Inc.
http://www.appliedwatch.com