[Snort-users] ERROR: OpenPcap() device em0 open

prabu prabu333 at ...8908...
Thu Sep 9 21:07:23 EDT 2004


Hello Matthew,


>router# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em0
>Running in IDS mode
>Log directory = /var/log/snort
>
>Initializing Network Interface em0
>ERROR: OpenPcap() device em0 open:
 >       (no devices found) /dev/bpf0: Device not configured
>Fatal Error, Quitting..

It seems that ur kernel jave not build with bpf support.So better enable it 
by following these steps;
The Berkeley Packet Filter (bpf) driver needs to be enabled before running 
programs that utilize it. Add this to your kernel config file and build a 
new kernel:

    pseudo-device bpfilter # Berkeley Packet Filter

Secondly, after rebooting you will have to create the device node. This can 
be accomplished by a change to the /dev directory, followed by the execution 
of:

    # sh MAKEDEV bpf0


>Is the problem related to GigE and libpcap, or have I done something
>else wrong during the compile?  What can be done to fix the issue?

Not relavant to libpcap.It is because,ur kernel doesnot support bpf.


Cheers,
Prabu.S








---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.756 / Virus Database: 506 - Release Date: 9/8/2004 






More information about the Snort-users mailing list