[Snort-users] error meant

Matt Kettler mkettler at ...4108...
Wed Jun 11 15:34:07 EDT 2003

At 05:12 PM 6/11/2003 -0500, msmythe at ...9424... wrote:
>Hi everyone. I found the snort.conf file and uncomenten some things, but i
>have other problem. What that means the following error when i run:
>snort -dev -l log -h xxx.xxx.xxx.xxx/24 -c /etc/sonrt.conf command?
>ERROR. OpenPcap( )device eth0 open:
>                socket: Operation not permitted

That means you're trying to run snort while logged in as a user who is not 
root, and does not have extended permissions to grant him raw IO privleges.

Only root users (system administrators) can open pcap sockets on most systems.

If you want to run snort as non-root for security reasons, start it up as 
root and use the setuid and chroot features to drop it's privleges.

More information about the Snort-users mailing list