[Snort-users] ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!

John Travlos, Jr. jtravlos at ...15803...
Wed Oct 24 11:06:50 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marcos,

Thanks for the reply.

You did ask a good question. I did compile snort using the DAG-enabled
pcap library.  The weird things is it's works when I ssh to the box or
run the system at level 3 (multi-user no gui).

I will look at thw link you sent.

Thanks,

On 10/23/12 5:02 PM, Marcos Rodriguez wrote:
> On Mon, Oct 22, 2012 at 1:23 PM, <jtravlos at ...15803...> wrote:
>
>>
>> I'm a newbie with SNORT and I got it running, sort of. I am having two
>> issues:
>>
>> 1) I did having SNORT working. I had to shutdown the system, when I
>> rebooted, I started getting the following problem when I run SNORT.
>>
>> When I run the following commmand:
>> snort -u snort -g snort -i dag0:0 -c /etc/snort/snort.conf NOTE:(dag0:0
>> = port A of the DAG card, dag0:2 = port B)
>>
>> Initializing Output Plugins!
>> Log Directory = /data/snortlog
>> pcap DAQ configured passive.
>> Acquiring network traffic from 'dag0:0".
>> ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
>> Fatal Error, Quiting..
>>
>> I get the same error if I run:
>> snort -u snort -g snort -i dag0:0
>>
>> I can capture data with a Endace DAG card. Tcpdump can see the DAG card
>> and an capture traffic.
>>
>> Any help is appreciated.
>>
>>
>> John Travlos
>>
>
> Hi John,
>
> I noticed you mentioned tcpdump was working with your DAG card, but I'll
> risk asking anyway:
>
> When you compiled Snort, did you point it to your DAG-enabled pcap library
> during the ./configure process?
>
> Also, you can find a DAG DAQ over here, and works with DAG's native ERF
> format I believe.
>
> https://github.com/SgtMalicious/Endace-DAQ-Module
>
> marcos
>

- -- 
Regards,

John Travlos, Jr.

Rsignia, Inc.

The X-Factor in Cyber Warfare

9693 Gerwig Lane, Suite O
Columbia, MD 21046
p. 410.290.9697 ext. 20
f. 410.290.9694
m. 727-647-1342

www.Rsignia.com

This e-mail and any attachment are confidential and contain proprietary
information, some or all of which may be legally privileged. It is
intended solely for the use of the individual or entity to which it is
addressed.  If you are not the intended recipient, please notify the
author immediately by telephone or by replying to this e-mail, and then
delete all copies of the e-mail on your system.  If you are not the
intended recipient, or you received this email in error, you must not
use, disclose, distribute, copy, print or rely on this e-mail. Rsignia
reserves the right to monitor all email transactions.

PGP Fingerprint:
BECB 9D7C 9543 2A46 1561 D90D E390 694A CC29 0E80
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQiAQKAAoJEHkN0GYbsveq7lEH/jCZ6i1vatYMimfzrKnXoION
CoZIs00DYqPN1rA79MVnFJyhJFkSrgQAtf/D3x17n+bov1p9LPHrKG91hetK8Zm7
loNqYkRMMmrjZyFhWgTZhOMy25h4uxyrGSq/iUne4uATpCkyKkjbqUS78QXj4oAl
mZafUQH9IzuFPL6yERHGxITlclYZdBUZxrKMJpuhYK1Rdm5hLs2IhYMBYa978Vix
8LPL7qVngmwvTPFqpvr7THSj5RdIGdR2Npso1jciCx/3JV1qnRwZnhBw7kDmPIDf
Fw+sxUYY4Khf3WLSzC4ikg8gT+K8LT7urKJ4wkqqmqUoCHZX/TVxsXYPDryrZ2Y=
=CCgT
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list