[Snort-users] ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!

jtravlos at ...15803... jtravlos at ...15803...
Mon Oct 22 13:39:08 EDT 2012


 I forgot to add that I am running the command as root.


-----Original Message-----
From: jtravlos at ...15803... [mailto:jtravlos at ...15803...]
Sent: Monday, October 22, 2012 01:23 PM
To: snort-users at lists.sourceforge.net
Subject: ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!




I'm a newbie with SNORT and I got it running, sort of. I am having two issues:


1) I did have SNORT working. I had to shut down the system; when I rebooted, I started getting the following problem when I run SNORT.


When I run the following command:
snort -u snort -g snort -i dag0:0 -c /etc/snort/snort.conf
NOTE: (dag0:0 = port A of the DAG card, dag0:2 = port B)


Initializing Output Plugins!
Log Directory = /data/snortlog
pcap DAQ configured passive.
Acquiring network traffic from 'dag0:0".
ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
Fatal Error, Quiting..


I get the same error if I run:
snort -u snort -g snort -i dag0:0 


I can capture data with an Endace DAG card. Tcpdump can see the DAG card and can capture traffic.


I am running:
CentOS 6.3 x86_64
SNORT 2.9.31 GRE (Build 40)
Libpcap v 1.2.1
PCRE v 7.8
ZLIB v 1.2.3
tcpdump 4.0.0-3
daq 1.1.1-14
Endace 4.2.2 software 




Any help is appreciated.





John Travlos


