[Snort-users] ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!

Marcos Rodriguez marcos.e.rodriguez at ...11827...
Tue Oct 23 17:02:58 EDT 2012


On Mon, Oct 22, 2012 at 1:23 PM, <jtravlos at ...15803...> wrote:

>
> I'm a newbie with SNORT and I got it running, sort of.  I am having two
> issues:
>
> 1) I did having SNORT working. I had to shutdown the system, when I
> rebooted, I started getting the following problem when I run SNORT.
>
> When I run the following commmand:
> snort -u snort -g snort -i dag0:0 -c /etc/snort/snort.conf   NOTE:(dag0:0
> = port A of the DAG card, dag0:2 = port B)
>
> Initializing Output Plugins!
> Log Directory = /data/snortlog
> pcap DAQ configured passive.
> Acquiring network traffic from 'dag0:0".
> ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
> Fatal Error, Quiting..
>
> I get the same error if I run:
> snort -u snort -g snort -i dag0:0
>
>   I can capture data with a Endace DAG card. Tcpdump can see the DAG card
> and an capture traffic.
>
> Any help is appreciated.
>
>
> John Travlos
>

Hi John,

I noticed you mentioned tcpdump was working with your DAG card, but I'll
risk asking anyway:

When you compiled Snort, did you point it to your DAG-enabled pcap library
during the ./configure process?

Also, you can find a DAG DAQ over here, and works with DAG's native ERF
format I believe.

https://github.com/SgtMalicious/Endace-DAQ-Module

marcos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121023/70c70eb8/attachment.html>


More information about the Snort-users mailing list