[Snort-devel] two fiber interface (vlan) on snort ...

fde fde at ...1415...
Thu Jun 13 02:53:02 EDT 2002


Hello,

Did somebody already use snort with two interfaces fiber giga ?

Here the message snort (debug) of error which I obtains with device 'any' :

/usr/local/bin/snort-1.8.6 -dvi any
Log directory = /var/log/snort

Initializing Network Interface any

         --== Initializing Snort ==--
Decoding 'ANY' on interface any

         --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.6 (Build 105)
By Martin Roesch (roesch at ...402..., www.snort.org)
snort.c:681: Parsing command line...
snort.c:701: Processing cmd line switch: d
snort.c:788: Data Flag active
snort.c:701: Processing cmd line switch: v
snort.c:1165: Verbose Flag active
snort.c:701: Processing cmd line switch: i
snort.c:895: Interface = any
snort.c:1251: pcap_cmd is NULL
snort.c:172: Opening interface: any
snaplength info: set=1514/compiled=1514/wanted=0
snort.c:301: Setting Packet Processor
snort.c:459: Entering pcap loop
Packet!
Scaplen: 62    pktlen: 62
decode.c:600: (Unknown) 81 is not supported. (need tcpdump snapshots to 
test. Please contact us)
Packet!
Scaplen: 414    pktlen: 414
decode.c:600: (Unknown) 81 is not supported. (need tcpdump snapshots to 
test. Please contact us)
Packet!
Scaplen: 62    pktlen: 62
Broken pipe
....

The libpcap used is 0.7.1.

Here my conf :
eth0 : admin nids
eth1 : netgear fiber 621
eth2 : netgear fiber 621

I use the kernel linux 2.2.21.

I is not this error message when I use only eth1 or eth2.

Snort decode vlan without pbs ...

Best Regards.






More information about the Snort-devel mailing list