[Snort-users] ERROR: OpenPcap() device em0 open

prabu prabu333 at ...8908...
Thu Sep 9 21:07:23 EDT 2004

Hello Matthew,

>router# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em0
>Running in IDS mode
>Log directory = /var/log/snort
>Initializing Network Interface em0
>ERROR: OpenPcap() device em0 open:
 >       (no devices found) /dev/bpf0: Device not configured
>Fatal Error, Quitting..

It seems that ur kernel jave not build with bpf support.So better enable it 
by following these steps;
The Berkeley Packet Filter (bpf) driver needs to be enabled before running 
programs that utilize it. Add this to your kernel config file and build a 
new kernel:

    pseudo-device bpfilter # Berkeley Packet Filter

Secondly, after rebooting you will have to create the device node. This can 
be accomplished by a change to the /dev directory, followed by the execution 

    # sh MAKEDEV bpf0

>Is the problem related to GigE and libpcap, or have I done something
>else wrong during the compile?  What can be done to fix the issue?

Not relavant to libpcap.It is because,ur kernel doesnot support bpf.


Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.756 / Virus Database: 506 - Release Date: 9/8/2004 

More information about the Snort-users mailing list