SUMMARY #2: snooping at unauthorized IP address.

Frank Pardo (fpardo@tisny.com)
Wed, 17 Sep 1997 15:12:45 -0400 (EDT)

Many thanks to James Coby for this supplementary information. The
machine I'm using is running SunOS 5.4, and I was running "snoop" in
verbose mode with input from a disk file, so these three bug items are
sure to be relevant to the second part of my query.

-fp

> From James.E.Coby.Jr@cdc.com Wed Sep 17 13:47 EDT 1997
> From: James.E.Coby.Jr@cdc.com (James Coby)
> Subject: Re: SUMMARY: snooping at unauthorized IP address.
> To: fpardo@tisny.com
> Date: Wed, 17 Sep 1997 12:32:03 -0500 (CDT)
>
> Hi Frank,
>
> I think you are seeing the problem referred to in bug 1193244, 1186804.
> 121609.
>
> >From 121609
>
> Synopsis: snoop core dumps on "ethertype keywords" if reading from
> file
> Description:
> snoop seems to core dump whenever given a keyword that maps to an ethertype
> while reading input from a file.
>
>
> ugmotel:~/bugs/snoop>/usr/sbin/snoop -i trace.out arp
> Segmentation Fault (core dumped)
> bugmotel:~/bugs/snoop>/usr/sbin/snoop -i trace.out rarp
> Segmentation Fault (core dumped)
> bugmotel:~/bugs/snoop>/usr/sbin/snoop -i trace.out ip
> Segmentation Fault (core dumped)
> bugmotel:~/bugs/snoop>/usr/sbin/snoop -i trace.out tcp
> bugmotel:~/bugs/snoop>/usr/sbin/snoop -i trace.out udp
> 1 0.00000 192.29.171.47 -> 192.29.171.255 RIP C (1 destinations)
> bugmotel:~/bugs/snoop>
>
> (UDP and TCP work fine)
>
>
> >From the description 1193244
>
> A problem in the SunOS 5.4 (Solaris 2.4) snoop code causes out of range indices
> when
> processing ARP packets in verbose mode.
>
> Although I don't have it readily available I think your snoop was done in
> verbose mode if I am not mistaken.
>
> Regards,
>
> Jim
>
> --
> Jim Coby :Control Data Systems Inc.
> email : James.E.Coby.Jr@cdc.com
> phone : 1-800-345-6628 U.S. & Canada
> : 612-482-3434 International
> WWW Support Services page : http://www.cdc.com/support
>