[Snort-users] RE: ERROR: OpenPcap() device em0 open

Matthew K. Lee mattl at ...12405...
Tue Sep 14 09:00:11 EDT 2004


Never mind...

I must have forgotten to do a 'make depend' or something.  I recompiled
the kernel with bpf support and everything is zen.

Thanks to those of you who would have responded...

Matthew Lee

-----Original Message-----
From: Matthew K. Lee 
Sent: Thursday, September 09, 2004 2:36 PM
To: 'snort-users at lists.sourceforge.net'
Subject: ERROR: OpenPcap() device em0 open

To all who can help:

I have a FreeBSD system that's having some issues.  I'm trying to build
and run snort-2.2.0.  I also get the same issue with the 2.1.3 version
from the ports collection.  

----------------------------------------------
Here's the error snort produces
----------------------------------------------
router# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em0
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface em0
ERROR: OpenPcap() device em0 open:
        (no devices found) /dev/bpf0: Device not configured
Fatal Error, Quitting..


----------------------------------------------
Here's the system information:
----------------------------------------------
The system has two Intel Gigabit Ethernet cards (em0 and em1).  I've got
libpcap (v. 0.8.3) installed.  I've successfully compiled snort with the
following commands:

./configure --with-mysql and --with-flexresp
make
make install

The kernel is custom built with bpf support enabled.  Here's the
important info from uname -v:

FreeBSD 4.10-RELEASE #5: Mon Aug  2 13:54:29 CDT 2004

----------------------------------------------
Here's my question
----------------------------------------------
Is the problem related to GigE and libpcap, or have I done something
else wrong during the compile?  What can be done to fix the issue?

Thanks,

Matthew Lee




More information about the Snort-users mailing list