[Snort-users] ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
marcos.e.rodriguez at ...11827...
Tue Oct 23 17:02:58 EDT 2012
On Mon, Oct 22, 2012 at 1:23 PM, <jtravlos at ...15803...> wrote:
> I'm a newbie with SNORT and I got it running, sort of. I am having two
> 1) I did having SNORT working. I had to shutdown the system, when I
> rebooted, I started getting the following problem when I run SNORT.
> When I run the following commmand:
> snort -u snort -g snort -i dag0:0 -c /etc/snort/snort.conf NOTE:(dag0:0
> = port A of the DAG card, dag0:2 = port B)
> Initializing Output Plugins!
> Log Directory = /data/snortlog
> pcap DAQ configured passive.
> Acquiring network traffic from 'dag0:0".
> ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
> Fatal Error, Quiting..
> I get the same error if I run:
> snort -u snort -g snort -i dag0:0
> I can capture data with a Endace DAG card. Tcpdump can see the DAG card
> and an capture traffic.
> Any help is appreciated.
> John Travlos
I noticed you mentioned tcpdump was working with your DAG card, but I'll
risk asking anyway:
When you compiled Snort, did you point it to your DAG-enabled pcap library
during the ./configure process?
Also, you can find a DAG DAQ over here, and works with DAG's native ERF
format I believe.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users