[Snort-users] ERROR: OpenPcap() device em0 open

Matthew K. Lee mattl at ...12405...
Fri Sep 10 07:57:01 EDT 2004


Thanks for your assistance.

Matthew Lee

-----Original Message-----
From: prabu [mailto:prabu333 at ...8908...] 
Sent: Thursday, September 09, 2004 11:06 PM
To: Matthew K. Lee; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ERROR: OpenPcap() device em0 open

Hello Matthew,

>router# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em0
>Running in IDS mode
>Log directory = /var/log/snort
>Initializing Network Interface em0
>ERROR: OpenPcap() device em0 open:
>       (no devices found) /dev/bpf0: Device not configured
>Fatal Error, Quitting..

It seems that your kernel has not been built with bpf support. So better
enable it by following these steps:
The Berkeley Packet Filter (bpf) driver needs to be enabled before
running programs that utilize it. Add this to your kernel config file and
build a new kernel:

    pseudo-device bpfilter # Berkeley Packet Filter

Secondly, after rebooting you will have to create the device node. This
can be accomplished by a change to the /dev directory, followed by the

    # sh MAKEDEV bpf0

>Is the problem related to GigE and libpcap, or have I done something
>else wrong during the compile?  What can be done to fix the issue?

Not relevant to libpcap. It is because your kernel does not support bpf.


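A pre-flight check for the two conditions described in the reply above (the kernel config line and the bpf device node), as an added example that is not part of the original thread. The function names and the "run" argument are assumptions for illustration; the kernel config path and node path are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original thread: check the two things the
# reply names before starting snort. Helper names are hypothetical.

# Return 0 if the kernel config file has an uncommented
# "pseudo-device bpfilter" line (the line quoted in the reply).
check_kernel_config() {
    grep -Eq '^[[:space:]]*pseudo-device[[:space:]]+bpfilter([[:space:]]|#|$)' "$1"
}

# Print the state of a bpf device node:
#   missing-node  node absent; create it with MAKEDEV as in the reply
#   not-a-device  path exists but is not a character device
#   open-failed   node exists but cannot be opened, e.g. kernel built
#                 without bpf ("Device not configured"), node busy,
#                 or insufficient permission
#   ok            node exists and can be opened for reading
check_bpf_node() {
    node="$1"
    if [ ! -e "$node" ]; then
        echo "missing-node"
    elif [ ! -c "$node" ]; then
        echo "not-a-device"
    elif ! ( : < "$node" ) 2>/dev/null; then
        # Subshell keeps a failed redirection from ending this script.
        echo "open-failed"
    else
        echo "ok"
    fi
}

# Usage: sh <this script> run <kernel-config-file> [node]
if [ "${1:-}" = "run" ]; then
    check_kernel_config "$2" ||
        echo "kernel config lacks 'pseudo-device bpfilter'"
    echo "${3:-/dev/bpf0}: $(check_bpf_node "${3:-/dev/bpf0}")"
fi
```

A "missing-node" result points at the MAKEDEV step; "open-failed" on an existing node matches the "Device not configured" error in the quoted output and points back at the kernel build.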