[Snort-users] pcap DAQ does not support inline

Y M snort at ...15979...
Mon Apr 22 11:56:45 EDT 2013


pcap does not support inline mode, it is meant for passive mode only. Instead, use afpacket for inline mode.

To make sure it is installed, run Snort as

snort --daq-list

This will return a list of the installed daq modules.
________________________________
From: Joao Daniel Neves<mailto:joaodanielnevesss at ...125...>
Sent: ‎4/‎22/‎2013 6:47 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] pcap DAQ does not support inline

Hi,

I'm getting this error when running Snort in inline mode "ERROR: pcap DAQ does not support inline". I have searched on Google, but did not get any thing usefull. The point is I don't even know why this happening.

What do you suggest ?

Some informations for debugging:

My daq dir is /usr/local/lib/daq

ls /usr/local/lib/daq
daq_afpacket.la
daq_afpacket.so
daq_dump.la
daq_dump.so
daq_ipfw.la
daq_ipfw.so
daq_pcap.la
daq_pcap.so

I tryed to start Snort with

/usr/local/bin/snort -Q -i eth1 --daq-dir /usr/local/lib/daq/ -c /etc/snort/snort.conf
/usr/local/bin/snort -Q -de *--daq nfq* --daq-dir /usr/local/lib/daq -c /etc/snort/snort.conf
/usr/local/bin/snort  —daq pcap -Q -c /etc/snort/snort.conf -i eth0:eth1
/usr/local/bin/snort -Q -c /etc/snort/snort.conf -i eth0:eth1

None of them worked.

Some more informations

/usr/lib/libpcap.a
/usr/lib/libpcap.so
/usr/lib/libpcap.so.0
/usr/lib/libpcap.so.0.9
/usr/lib/libpcap.so.0.9.4
/usr/lib/libpcap.so.1
/usr/lib/libpcap.so.1.3.0
/usr/lib64/libpcap.so.0
/usr/lib64/libpcap.so.0.9
/usr/lib64/libpcap.so.0.9.4
/usr/local/lib/libpcap.a
/usr/local/lib/libpcap.so
/usr/local/lib/libpcap.so.1
/usr/local/lib/libpcap.so.1.3.0
/usr/local/lib/daq/daq_pcap.la
/usr/local/lib/daq/daq_pcap.so

Maybe those multiple versions of pcap are causing the error ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130422/248335f1/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
-------------- next part --------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


More information about the Snort-users mailing list