[Snort-users] "Adapter is in Passive Mode" Warning

Ricky Huang rhuang.work at ...11827...
Fri Mar 8 03:17:01 EST 2013

Anyone… help?

On Mar 6, 2013, at 3:01 PM, Ricky Huang <rhuang.work at ...11827...> wrote:

> Hi all,
> I was playing Snort rules and noticed the following doesn't work:
>> reject ICMP any any -> $HOME_NET any (msg:"Shut this rule off, it works now"; sid:100000;)
> While 
>> alert ICMP any any -> $HOME_NET any (msg:"Shut this rule off, it works now"; sid:100000;)
> works fine.
> So I ran snort with -T flag and noticed:
>> WARNING: /usr/local/etc/snort/snort.conf(641) Adapter is in Passive Mode. Hence switching policy mode to tap.
> Line 641 of snort.conf is where I tried to set policy to "inline" ("config policy_mode:inline").
> Is there supposed to be a build flag to enable IPS capability on Snort? I looked at my FreeBSD ports option:
>> # make showconfig
>> ===> The following configuration options are available for snort-2.9.4_1:
>>      BARNYARD=on: Depend on Barnyard2
>>      DBGSNORT=off: Enable debugging symbols+core dumps
>>      FLEXRESP3=on: Enable flexible response on events (v3)
>>      GRE=on: Enable GRE support
>>      IPV6=on: IPv6 protocol
>>      LRGPCAP=off: Enable pcaps larger than 2GB
>>      MPLS=on: MPLS support
>>      NORMALIZER=on: Enable normalizer
>>      PERFPROFILE=on: Enable performance profiling
>>      PULLEDPORK=on: Depend on pulledpork
>>      REACT=on: Enable react
>>      SNORTSAM=off: Enable unofficial Snortsam patch
>>      SOURCEFIRE=on: Enable Sourcefire-specific build options
>>      TARGETBASED=on: Enable targetbased support
>>      ZLIB=on: Enable GZIP support
> and couldn't seem to find any…
> Thanks!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130308/576de1c3/attachment.html>

More information about the Snort-users mailing list