[Snort-users] Snort on Linux Help
jsage at ...2022...
Mon Nov 26 08:18:02 EST 2001
David Wilkeson wrote:
> I'm running Redhat which was preinstalled on a new Dell server. libpcap
> was installed, but when it didn't work I removed it and installed
> various versions myself.
What "various versions"?
The only version worth bothering with is at: http://www.tcpdump.org/
and is libpcap-0.6.2.tar.gz
> None of them work.
What do you mean? They won't compile? They won't install?
They compile and install, but then what?
You *really* need to be more specific about what you've got, and what's
happening, for someone to be able to help you...
> Do some net cards not
> support promiscuous mode even when the syslog reports them going into
> promiscuous mode?
Promiscuous mode isn't necessary for tcpdump/libpcap to "work" -- it
just lets you see more than you might otherwise..
If "ifconfig -a" says the particular interface you're talking about is
in promiscuous mode, I'd be willing to bet that it *is*..
What's the output from "uname -a"?
What's the output from "tcpdump -V" if that's working at all...?
> At 02:22 PM 11/21/2001 -0800, you wrote:
>> OK, what flavor of Linux distribution are you running? Have you built
>> your own kernel or are you using the 'stock' one? RedHat, Mandrake and
>> Slackware all seem to properly support libpcap right out of the box...
>> In any case - until either tcpdump or ethereal work (both use libpcap)
>> you won't get anywhere with snort...