[Snort-users] @snort startup

anagha b banagha3 at ...11827...
Sat Jul 6 04:11:11 EDT 2013


Hi all


I am using snort on ubuntu12.04 and configured one interface eth0 in
barnyard .

I have only one interface eth0 so using it for acquiring packet I am
getting following error.

command  :snort -c /snort-2.9.4.6/etc/snort.conf -i eth0

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 150
|     1 byte states : 137
|     2 byte states : 13
|     4 byte states : 0
| Characters        : 65924
| States            : 51762
| Transitions       : 5116509
| State Density     : 38.6%
| Patterns          : 3923
| Match States      : 3795
| Memory (MB)       : 25.72
|   Patterns        : 0.31
|   Match Lists     : 0.46
|   DFA
|     1 byte states : 0.87
|     2 byte states : 23.93
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 396 ]
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0xa630ab40 (10746)
ERROR: Can't start DAQ (-1) - socket: Operation not permitted!
Fatal Error, Quitting..


Earlier i have error due to shared libraries

so tried this solution .

LD_LIBRARY_PATH=/usr/local/lib
oneadmin at ...16431...:~$ export LD_LIBRARY_PATH

plz help.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130706/be6d406f/attachment.html>


More information about the Snort-users mailing list