# suricata -c /usr/local/etc/suricata/suricata.yaml -r /root/pcaps/defcon_18-ctf-0204_just_icmpv6.pcap
8/8/2013 -- 15:21:58 - - This is Suricata version 1.4.3 RELEASE
8/8/2013 -- 15:21:58 - - CPUs/cores online: 2
8/8/2013 -- 15:21:58 - - allocated 2097152 bytes of memory for the defrag hash... 65536 buckets of size 32
8/8/2013 -- 15:21:58 - - preallocated 65535 defrag trackers of size 104
8/8/2013 -- 15:21:58 - - defrag memory usage: 8912792 bytes, maximum: 33554432
8/8/2013 -- 15:21:58 - - AutoFP mode using default "Active Packets" flowload balancer
8/8/2013 -- 15:21:58 - - preallocated 1024 packets. Total memory 3168256
8/8/2013 -- 15:21:58 - - allocated 131072 bytes of memory for the host hash... 4096 buckets of size 32
8/8/2013 -- 15:21:58 - - preallocated 1000 hosts of size 76
8/8/2013 -- 15:21:58 - - host memory usage: 207072 bytes, maximum: 16777216
8/8/2013 -- 15:21:58 - - allocated 2097152 bytes of memory for the flow hash... 65536 buckets of size 32
8/8/2013 -- 15:21:58 - - preallocated 10000 flows of size 192
8/8/2013 -- 15:21:58 - - flow memory usage: 4017152 bytes, maximum: 33554432
8/8/2013 -- 15:21:58 - - IP reputation disabled
8/8/2013 -- 15:21:58 - - Added "34" classification types from the classification file
8/8/2013 -- 15:21:58 - - Added "12" reference types from the reference.config file
8/8/2013 -- 15:21:58 - - using magic-file /usr/share/file/magic
8/8/2013 -- 15:21:59 - - Delayed detect disabled
8/8/2013 -- 15:21:59 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /usr/local/etc/suricata/rules/ciarmy.rules
8/8/2013 -- 15:22:00 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /usr/local/etc/suricata/rules/emerging-icmp.rules
8/8/2013 -- 15:22:03 - - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /usr/local/etc/suricata/rules/emerging-virus.rules: No such file or directory.
8/8/2013 -- 15:22:09 - - 50 rule files processed. 13601 rules successfully loaded, 0 rules failed
8/8/2013 -- 15:22:49 - - 13609 signatures processed. 1007 are IP-only rules, 4140 are inspecting packet payload, 10241 inspect application layer, 83 are decoder event only
8/8/2013 -- 15:22:49 - - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
8/8/2013 -- 15:22:51 - - building signature grouping structure, stage 2: building source address list... complete
8/8/2013 -- 15:23:01 - - building signature grouping structure, stage 3: building destination address lists... complete
8/8/2013 -- 15:23:03 - - [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - signature sid:2520758 has an event var set. The signature event var is given precedence over the threshold.conf one. We'll change this in the future though.
8/8/2013 -- 15:23:03 - - Threshold config parsed: 1 rule(s) found
8/8/2013 -- 15:23:03 - - Core dump size set to unlimited.
8/8/2013 -- 15:23:03 - - fast output device (regular) initialized: fast.log
8/8/2013 -- 15:23:03 - - Unified2-alert initialized: filename unified2.alert, limit 32 MB
8/8/2013 -- 15:23:03 - - http-log output device (regular) initialized: http.log
8/8/2013 -- 15:23:03 - - tls-log output device (regular) initialized: tls.log
8/8/2013 -- 15:23:03 - - reading pcap file /root/pcaps/defcon_18-ctf-0204_just_icmpv6.pcap
8/8/2013 -- 15:23:03 - - using magic-file /usr/share/file/magic
8/8/2013 -- 15:23:03 - - returning 0xb32fffd0
8/8/2013 -- 15:23:03 - - using magic-file /usr/share/file/magic
8/8/2013 -- 15:23:03 - - returning 0xb16fffd0
8/8/2013 -- 15:23:03 - - using magic-file /usr/share/file/magic
8/8/2013 -- 15:23:03 - - returning 0xbb26b58
8/8/2013 -- 15:23:03 - - stream "max-sessions": 262144
8/8/2013 -- 15:23:03 - - stream "prealloc-sessions": 32768
8/8/2013 -- 15:23:03 - - stream "memcap": 33554432
8/8/2013 -- 15:23:03 - - stream "midstream" session pickups: disabled
8/8/2013 -- 15:23:03 - - stream "async-oneside": disabled
8/8/2013 -- 15:23:03 - - stream "checksum-validation": enabled
8/8/2013 -- 15:23:03 - - stream."inline": disabled
8/8/2013 -- 15:23:03 - - stream.reassembly "memcap": 67108864
8/8/2013 -- 15:23:03 - - stream.reassembly "depth": 1048576
8/8/2013 -- 15:23:03 - - stream.reassembly "toserver-chunk-size": 2560
8/8/2013 -- 15:23:03 - - stream.reassembly "toclient-chunk-size": 2560
8/8/2013 -- 15:23:03 - - all 4 packet processing threads, 3 management threads initialized, engine started.
suricata: detect.c:1760: Detect: Assertion `!((p)->icmpv6h == ((void *)0))' failed.
Aborted (core dumped)

]# suricata --build-info
This is Suricata version 1.4.3 RELEASE
Features: DEBUG DEBUG_VALIDATION UNITTESTS PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW
32-bits, Little-endian architecture
GCC version 4.4.7 20120313 (Red Hat 4.4.7-3), C version 199901
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
compiled with libhtp 0.2.13, linked against 0.2.13

Suricata Configuration:
  AF_PACKET support:                       yes
  PF_RING support:                         no
  NFQueue support:                         no
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no
  Unix socket enabled:                     no

  libnss support:                          no
  libnspr support:                         no
  libjansson support:                      no
  Prelude support:                         no
  PCRE jit:                                no
  libluajit:                               no
  libgeoip:                                no
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no

  Suricatasc install:                      yes

  Unit tests enabled:                      yes
  Debug output enabled:                    yes
  Debug validation enabled:                yes
  Profiling enabled:                       no
  Profiling locks enabled:                 no

Generic build parameters:
  Installation prefix (--prefix):          /usr/local
  Configuration directory (--sysconfdir):  /usr/local/etc/suricata/
  Log directory (--localstatedir) :        /usr/local/var/log/suricata/

  Host:                                    i686-pc-linux-gnu
  GCC binary:                              gcc
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no