[Snort-users] snort on an old FreeBSD box (builds but won't r un)

Chris Arnold chris.arnold at ...3942...
Tue Mar 19 06:39:10 EST 2002


bash-2.05$ ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.1.14.245 netmask 0xfffffe00 broadcast 10.1.15.255
        ether 00:90:27:45:cf:f7 
        media: autoselect
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 

As you can see there is currently an IP address bound to the interface.  I'm
using this for basic connectivity while I set this thing up.  When/if I get
it working the interface will be plumbed up with no address.

Chris

-----Original Message-----
From: Martin Roesch [mailto:roesch at ...1935...]
Sent: Monday, March 18, 2002 17.39
To: Chris Arnold; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort on an old FreeBSD box (builds but won't
r un)


What's your 'ifconfig -a' look like?


On 3/18/02 4:11 PM, "Chris Arnold" <chris.arnold at ...3942...> wrote:

> Nope.  I just built snort 1.8.4 (debugging enabled this time) with libpcap
> 0.7.1 and libnet 1.0.2a.    Everything builds nicely.  It will execute
> without a segfault but just doesn't work.  At least it's running nicely on
> Solaris for me :)
> 
> Chris
> 
> # snort -v 
> snort.c:681: Parsing command line...
> snort.c:701: Processing cmd line switch: v
> snort.c:1165: Verbose Flag active
> Failed to lookup for interface: SIOCGIFCONF: Operation not supported.
Please
> specify one with -i switch
> Fatal Error, Quitting..
> # snort -v -i fxp0
> snort.c:681: Parsing command line...
> snort.c:701: Processing cmd line switch: v
> snort.c:1165: Verbose Flag active
> snort.c:701: Processing cmd line switch: i
> snort.c:895: Interface = fxp0
> snort.c:1251: pcap_cmd is NULL
> Log directory = /var/log/snort
> snort.c:172: Opening interface: fxp0
> 
> Initializing Network Interface fxp0
> snaplength info: set=1514/compiled=1514/wanted=0
> ioctl(SIOC*MTU): Operation not supported
> Automagic MTU discovery failed. Using default 1500ERROR: OpenPcap() device
> fxp0 open: 
>       BIOCSETIF: fxp0: Invalid argument
> Fatal Error, Quitting..
> 
> -----Original Message-----
> From: Martin Roesch [mailto:roesch at ...1935...]
> Sent: Monday, March 18, 2002 10:31 AM
> To: Chris Arnold; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] snort on an old FreeBSD box (builds but won't
> run)
> 
> 
> That's really weird, try it without the -I option.  From the error message
> it looks like it's trying to go into readback mode (like you had used the
-r
> switch).  Try just snort -v and see what happens.
> 
>    -Marty
> 
> 
> On 3/18/02 1:00 AM, "Chris Arnold" <chris.arnold at ...3942...> wrote:
> 
>> Hi, all.  I had a whim to build snort 1.8.3 (with libpcap 0.7.1) for an
> old
>> FreeBSD box.  Everything compiles nicely but running is a different
story:
>> 
>> # snort -v -i fxp0
>> Log directory = /var/log/snort
>> 
>> Initializing Network Interface fxp0
>> ioctl(SIOC*MTU): Operation not supported
>> Automagic MTU discovery failed. Using default 1500ERROR: OpenPcap()
device
>> fxp0 open: 
>>       fxp0: Invalid argument
>> Fatal Error, Quitting..
>> 
>> Rebuild with debugging enabled and report back?  The default tcpdump for
> the
>> box runs without a problem.
>> 
>> Chris
>> 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> 

-- 
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-users mailing list