[Snort-users] Enc: Problems to start snort 2.9

Ivani A. Nascimento ivani_nascimento at ...6873...
Fri Apr 1 09:38:16 EDT 2011


Thanks for your answer.
My machine is hosted in a Xen environment. I'm running CentOS 5.5, kernel 2.6.18-194.8.1.el5.028stab070.5.
As I said, I'm a newbie with Snort, so I don't know if I forgot any configuration detail.

I've already installed Snort in another virtual machine, but the environment was VMware and everything worked fine.

This is my interface:

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:XXX.XXX.XXX.XXX  P-t-P:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.XXX  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Ahn, I'm using Snort 2.9.3 (I've used Vincent Cojot's rpms). I saw that there is a new version of the rpm; I'll try to update.

Thank you all.

Regards,

Ivani

--- On Thu, 31/3/11, Jason Wallace <jason.r.wallace at ...11827...> wrote:

> From: Jason Wallace <jason.r.wallace at ...11827...>
> Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
> To: "Ivani A. Nascimento" <ivani_nascimento at ...6873...>
> Cc: "Snort Users" <snort-users at lists.sourceforge.net>
> Date: Thursday, March 31, 2011, 18:19
> If it is a VMware virtual environment, ensure that vmware-tools is installed and the service is started, and then change the interface type of the VM to e1000. That should be supported in your kernel. Newer kernels have support for the new vmxnet3 interfaces.
> 
> ... ~ # uname -a
> Linux uscla1004x 2.6.36-gentoo-r5 #7 SMP Wed Feb 16 13:30:51 EST 2011 x86_64 Intel(R) Xeon(R) CPU X5650 @ 2.67GHz GenuineIntel GNU/Linux
> 
> ... ~ # zcat /proc/config.gz |grep -i vmx
> CONFIG_VMXNET3=y
> 
> 
> So far they appear to be working well for packet capture.
> 
> 
> Thx,
> Wally
> 
> On Thu, Mar 31, 2011 at 3:27 PM, Ivani A. Nascimento <ivani_nascimento at ...6873...> wrote:
> > Hi Russ,
> >
> > Thanks for your answer. Really, I saw the post that you are mentioning, but without any answer.
> >
> > Well, the interface is venet0:0; it's a virtual environment.
> >
> > Will it be any change in the kernel? I'm using 2.6.18-194.8.1.el5.028stab070.5.
> >
> > Thank you again.
> >
> > --- On Thu, 31/3/11, Russ Combs <rcombs at ...1935...> wrote:
> >
> > From: Russ Combs <rcombs at ...1935...>
> > Subject: Re: [Snort-users] Enc: Problems to start snort 2.9
> > To: "Ivani A. Nascimento" <ivani_nascimento at ...6873...>
> > Cc: snort-users at lists.sourceforge.net
> > Date: Thursday, March 31, 2011, 15:21
> >
> > Looks like someone posted the same error about a year ago on snort.org with 2.8.5, apparently w/o resolution.
> >
> > What type of interface is it?  libpcap will assume SLL for unknown types and expect the kernel to leave room to prepend the header.
> >
> > Appears to be making the wrong assumption.
> >
> > On Thu, Mar 31, 2011 at 1:48 PM, Ivani A. Nascimento <ivani_nascimento at ...6873...> wrote:
> >
> > Hi, folks!
> >
> > I'm a newbie using Snort and I have a doubt.
> >
> > I've googled many sites and lists, but I'm lost about a weird error.
> >
> > I've installed Snort 2.9 but I can't start it. Looking at the logs, I've found:
> >
> > Mar 31 13:45:18 snortlab snort[16294]:         --== Initialization Complete ==--
> > Mar 31 13:45:18 snortlab snort[16294]: Commencing packet processing (pid=16294)
> > Mar 31 13:45:19 snortlab snort[16294]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!
> > ---
> > ---
> > Mar 31 13:45:50 snortlab snort[16294]: ===============================================================================
> > Mar 31 13:45:50 snortlab snort[16294]: ===============================================================================
> > Mar 31 13:45:50 snortlab snort[16294]: dcerpc2 Preprocessor Statistics
> > Mar 31 13:45:51 snortlab snort[16294]:   Total sessions: 0
> > Mar 31 13:45:51 snortlab snort[16294]: ===============================================================================
> > Mar 31 13:45:52 snortlab snort[16294]: ===============================================================================
> > Mar 31 13:45:52 snortlab snort[16294]: Snort exiting
> >
> > I'm using CentOS 5.5. Can anyone help me?
> >
> > Thanks in advance,
> >
> > Nix

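The failure pattern in the quoted syslog excerpt (packet processing starts, the acquire call fails, Snort exits) can be detected automatically, so a sensor that died at startup does not go unnoticed. This is an added example, not part of the original thread or of Snort; the log lines are constructed from the excerpt above, and pid 17001, the sshd line, the `triage` helper and its verdict names are assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the first five lines are modelled on the syslog excerpt
# quoted in the thread; pid 17001 and the sshd line are invented for contrast.
SAMPLE_LOG = """\
Mar 31 13:45:18 snortlab snort[16294]:         --== Initialization Complete ==--
Mar 31 13:45:18 snortlab snort[16294]: Commencing packet processing (pid=16294)
Mar 31 13:45:19 snortlab snort[16294]: Can't acquire (-1) - cooked-mode frame doesn't have room for sll header!
Mar 31 13:45:50 snortlab snort[16294]: dcerpc2 Preprocessor Statistics
Mar 31 13:45:52 snortlab snort[16294]: Snort exiting
Mar 31 14:02:07 snortlab snort[17001]: Commencing packet processing (pid=17001)
Mar 31 14:02:09 snortlab sshd[17010]: Server listening on 0.0.0.0 port 22.
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host snort[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) snort\[(\d+)\]:(.*)$")

def triage(log_text, year=2011):
    """Summarise each Snort process in log_text; syslog has no year, so pass one."""
    runs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a Snort line
        stamp, host, pid, msg = m.groups()
        msg = msg.strip()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        run = runs.setdefault((host, pid), {"host": host, "pid": int(pid),
                                            "started": None, "error": None, "exited": None})
        if msg.startswith("Commencing packet processing"):
            run["started"] = when
        elif msg.startswith("Can't acquire"):
            run["error"] = msg  # packet acquisition failed, sensor sees no traffic
        elif msg == "Snort exiting":
            run["exited"] = when
    report = []
    for run in runs.values():
        verdict = "capture-failed" if run["error"] else "stopped" if run["exited"] else "running"
        uptime = None
        if run["started"] and run["exited"]:
            uptime = int((run["exited"] - run["started"]).total_seconds())
        report.append({**run, "verdict": verdict, "uptime_s": uptime})
    return report

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["host"], entry["pid"], entry["verdict"], entry["uptime_s"], entry["error"])
```

A `capture-failed` verdict with an uptime of a few seconds is the case worth alerting on: the process started cleanly but never inspected traffic.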