[Snort-users] ERROR: OpenPcap() device em0 open

Matthew K. Lee mattl at ...12405...
Fri Sep 10 07:57:01 EDT 2004


Prabu,

Thanks for your assistance.

Matthew Lee

-----Original Message-----
From: prabu [mailto:prabu333 at ...8908...] 
Sent: Thursday, September 09, 2004 11:06 PM
To: Matthew K. Lee; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ERROR: OpenPcap() device em0 open

Hello Matthew,


>router# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em0
>Running in IDS mode
>Log directory = /var/log/snort
>
>Initializing Network Interface em0
>ERROR: OpenPcap() device em0 open:
 >       (no devices found) /dev/bpf0: Device not configured
>Fatal Error, Quitting..

It seems that ur kernel jave not build with bpf support.So better enable
it 
by following these steps;
The Berkeley Packet Filter (bpf) driver needs to be enabled before
running 
programs that utilize it. Add this to your kernel config file and build
a 
new kernel:

    pseudo-device bpfilter # Berkeley Packet Filter

Secondly, after rebooting you will have to create the device node. This
can 
be accomplished by a change to the /dev directory, followed by the
execution 
of:

    # sh MAKEDEV bpf0


>Is the problem related to GigE and libpcap, or have I done something
>else wrong during the compile?  What can be done to fix the issue?

Not relavant to libpcap.It is because,ur kernel doesnot support bpf.


Cheers,
Prabu.S








---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.756 / Virus Database: 506 - Release Date: 9/8/2004 






More information about the Snort-users mailing list