[Snort-users] ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!

jtravlos at ...15803... jtravlos at ...15803...
Fri Oct 19 11:17:27 EDT 2012


I'm a newbie with SNORT and I got it running, sort of. I am having two issues:


1) I did having SNORT working and was trying to get SNORT to output to pcap formated file. I know about the pcap option in snort.conf. When I enable that (output log_tcpdump: /data/snortlog/tcpdump.log) I did not get a file. I used the following command:
snort -b -d -l /data/snortlog -i dag0:0 -c /etc/snort/snort.conf


I had to shutdown the system, when I rebooted, I started getting the following problem when I run SNORT.


2)When I try to riun SNORT I get the following eror message:
snort -u snort -g snort -i dag0:0 -c /etc/snort/snort.conf NOTE:(dag0:0 = port A of the DAG card, dag0:2 -s port B)


Initializing Output Plugins!

Log Directory = /data/snortlog
pcap DAQ configured passive.
Acquiring network traffic from 'dag0:0".
ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
Fatal Error, Quiting..


I can capture data with a Endace DAG card. Tcpdump can see the DAG card and an capture traffic.


I am runnig:
CentOS 6.3 x86_64
SNORT 2.9.31 GRE (Build 40)
Libpcap v 1.2.1
PCRE v 7.8
ZLIB v 1.2.3
tcpdump 4.0.0-3
daq 1.1.1-14
Endace 4.2.2 software




Any help is appreciated.


Thanks,




John Travlos



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121019/5a4a7495/attachment.html>


More information about the Snort-users mailing list