[Snort-users] Not receiving packets
waynea at ...16653...
Mon Jan 6 19:35:20 EST 2014
I have a new install of snort; I have compiled daq and snort from sources.
I just used the default configure directives and received no errors.
When I run snort everything checks out and operates perfectly except
that it is not reading any packets from any of my interfaces, eth0 or eth1.
-T reports everything good.
I can capture packets using tcpdump no problem,
and in fact I can capture from either interface to a file and then run
snort with 'snort -r capture_file -c /etc/snort/snort.conf' and it works
and alerts as expected.

    snort -i eth0 -c /etc/snort/snort.conf            nothing
    snort -i eth1 -c /etc/snort/snort.conf            nothing
    tcpdump -i eth0 -w capture_file                   works
    tcpdump -i eth1 -w capture_file                   works
    snort -r capture_file -c /etc/snort/snort.conf    works

I have a test rule that alerts on all http traffic, so it is not hard to
get an alert.
Somehow I don't think DAQ is working properly; daq dump gives me nothing.
snort -i em2 --daq dump
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
dump DAQ configured to passive.
Acquiring network traffic from "eth1".
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 22.214.171.124 GRE (Build 208)
'''' By Martin Roesch & The Snort Team:
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.5.0
Using PCRE version: 8.33 2013-05-28
Using ZLIB version: 1.2.8
Commencing packet processing (pid=1466)