On Mon, Oct 25, 2004 at 04:36:40PM +1000, Daniel Carosone wrote:
> Haven't had kernel crashes, but I did get some unusual bpf output from
> a nessus run the other day, which I haven't had time to investigate
> further since.
> 
> I got a whole string of messages like the following, on the terminal
> where I started nessusd:
> 
> pcap_compile(ip and src host 10.2.53.224) failed
> pcap_compile(ip and src host 10.2.53.225) failed
> pcap_compile(ip and src host 10.2.53.225) failed
> pcap_compile(ip and src host 10.2.53.225) failed
> pcap_compile(ip and src host 10.2.53.226) failed
> pcap_compile(ip and src host 10.2.53.226) failed
> pcap_compile(ip and src host 10.2.53.226) failed
> pcap_compile(ip and src host 10.2.53.227) failed
> pcap_compile(ip and src host 10.2.53.227) failed
> pcap_compile(ip and src host 10.2.53.227) failed
> pcap_compile(ip and src host 10.2.53.228) failed
> pcap_compile() failed
> pcap_compile(udp and dst port 4315 and src host 10.2.52.2 and udp[9:1]=0x05) failed

Are you running libpcap 0.8.3?  Does tcpdump find those rules acceptable?

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933