[Oisf-devel] Suricata latest git version: core dump.
Victor Julien
victor at inliniac.net
Mon Jun 4 11:19:14 UTC 2012
On 05/25/2012 08:29 PM, Marcos Rodriguez wrote:
> > Just tried against some pcaps and was able to reproduce the condition.
> > The bt full is attached for your review.
>
> Any chance you can (privately) share the pcap?
>
>
> I'm scouring the pcap repo now. (Our FPC repo stores each pcap at
> approximately 4GB a pop!).
In the bt you can get the current packet number, that matches wireshark.
Useful when trying to extract a stream. To get it, go into the gdb bt,
jump to frame 17 or 18 (one where the *p ptr is avail) and print
p->pcap_cnt.
Cheers,
Victor
>
>
>
> > Are there any plans in place to add --pcap-filter and --pcap-dir types
> > of options as in Snort? Way off topic, but thought I'd ask since I was
> > here. :o)
>
> Please open tickets :)
>
>
> Will do!
>
> marcos
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
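The packet-number tip in the message above, as an added example that is not part of the original mail or of Suricata's code: once `p->pcap_cnt` has been read from the core dump, this sketch pulls the flow containing that packet out of a large capture so that only the relevant stream needs to be shared. It assumes a classic (non-pcapng) pcap with Ethernet/IPv4 framing and a packet number that counts from 1 like Wireshark's frame number; the function names and the sample capture are constructed for illustration.

```python
import struct
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, usec timestamps

def read_pcap(data):
    """Split a classic pcap into (global_header, [(record_header, frame), ...])."""
    end = MAGIC.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    records, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        records.append((data[off:off + 16], data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return data[:24], records

def flow_key(frame):
    """Direction-independent key for an Ethernet/IPv4 TCP or UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (proto,) + tuple(sorted([(frame[26:30], sport), (frame[30:34], dport)]))

def extract_flow(data, pcap_cnt):
    """Return a pcap holding only the flow of packet number pcap_cnt (1-based)."""
    ghdr, records = read_pcap(data)
    if not 1 <= pcap_cnt <= len(records):
        raise IndexError("pcap_cnt is outside this capture")
    key = flow_key(records[pcap_cnt - 1][1])
    if key is None:
        raise ValueError("that packet is not IPv4 TCP/UDP")
    return ghdr + b"".join(h + f for h, f in records if flow_key(f) == key)

def _frame(src, dst, sport, dport):  # constructed sample: bare Ethernet/IPv4/TCP frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: packets 1 and 3 are one flow, packet 2 is another."""
    frames = [_frame([10, 0, 0, 1], [10, 0, 0, 2], 40000, 80),
              _frame([10, 0, 0, 3], [10, 0, 0, 2], 40001, 80),
              _frame([10, 0, 0, 2], [10, 0, 0, 1], 80, 40000)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

Writing the bytes returned by `extract_flow(open(path, "rb").read(), n)` to a new file gives a capture that opens in Wireshark and contains both directions of the flow.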