[Snort-users] FreeBSD + 2 devices + error OpenPcap

Moyer, Shawn SMoyer at ...5894...
Thu Jul 25 14:53:06 EDT 2002


Actually scratch that. I knew I'd got this error before on FBSD but didn't
read your question properly.

Since the BPF character node does exist, it looks like your kernel may not
have BPF support. Check for:

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device   bpf

... in your kernel config.

The generic kernel for FBSD 4.x should include this, so you've likely built
a custom kernel without it. Doesn't look like there's a BPF module --
/modules/ng_bpf.ko is probably for Netgraph (ISDN, PPP, Frame, etc.), so
kldload won't do it.





--shawn


> -----Original Message-----
> From: Moyer, Shawn 
> Sent: Thursday, July 25, 2002 16:40
> To: 'Éric Le Gallais'; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] FreeBSD + 2 devices + error OpenPcap
> 
> 
> You need to create your BPF character nodes. Check the docs 
> on libpcap. 
> 
> Try googling for the error you're getting for a walkthrough.
> 
> 
> 
> 
> --shawn
> 
> > -----Original Message-----
> > From: Éric Le Gallais [mailto:Eric at ...6453...]
> > Sent: Thursday, July 25, 2002 15:49
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] FreeBSD + 2 devices + error OpenPcap
> > 
> > 
> > Hi,
> > 
> > i'm trying to get snort working on Freebsd with 2 ethernet 
> > cards: xl0 and ep1.
> > 
> > These 2 ethernet cards don't have IP adresses.
> > 
> > I've tried ifconfig xl0 up and ifconfig ep1 up
> > I've R(ead)TFM and a lot of other mailing lists.
> > 
> > When I start snort (snort -dev) I get this error:
> > 
> > ----
> > Log directory = /usr/log/snort
> > 
> > Initializing Network Interface xl0
> > ERROR: OpenPcap() device xl0 open:
> > 	(no devices found) /dev/bpf0: Device not configured
> > Fatal Error: Quitting...
> > ----
> > 
> > the device /dev/bpf0 does exists.
> > 
> > Does anyone has any idea?
> > 
> > Éric 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by: Jabber - The world's 
> > fastest growing 
> > real-time communications platform! Don't just IM. Build it in! 
> > http://www.jabber.com/osdn/xim
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 
> 




More information about the Snort-users mailing list