[Snort-users] IPS using DAQ AFPacket problems

Jake Hann jake at ...17053...
Mon Jan 12 18:09:23 EST 2015


I was given the impression that that command parameter was only needed if
you didn't add the information in the commandline. Regardless I have
uncovered a message saying snort was terminated for lack of memory. I will
work on that and try commands again. Thanks all. 

 

From: Al Lewis (allewi) [mailto:allewi at ...589...] 
Sent: Monday, January 12, 2015 4:01 PM
To: Jake Hann; 'Y M'
Cc: 'snort-users'
Subject: RE: [Snort-users] IPS using DAQ AFPacket problems

 

The command should be:

 

sudo /usr/local/bin/snort -A console -u snort -u snort -c
/etc/snort/snort.conf  --daq afpacket -i eth0:eth1 

 

 

Albert Lewis

QA Software Engineer

SOURCEfire, Inc. now part of Cisco

9780 Patuxent Woods Drive
Columbia, MD 21046 

Phone: (office) 443.430.7112

Email: allewi at ...589... <mailto:allewi at ...589...>  

 

From: Jake Hann [mailto:jake at ...17053...] 
Sent: Monday, January 12, 2015 5:16 PM
To: 'Y M'
Cc: 'snort-users'
Subject: Re: [Snort-users] IPS using DAQ AFPacket problems

 

Okay, I have my environment setup again. I am running this command to test
and debug: 

 

sudo /usr/local/bin/snort -A console -u snort -u snort -c
/etc/snort/snort.conf -i eth0:eth1 -Q

 

One it gets to Decoding Ethernet, snort just dies. I haven't been able to
figure out why. Thanks for your help.

 

From: Y M [mailto:snort at ...15979...] 
Sent: Thursday, January 01, 2015 1:15 AM
To: Jake Hann
Cc: snort-users
Subject: RE: IPS using DAQ AFPacket problems

 

 

  _____  

 

What exactly not working? Are you receiving any sort of errors? Please share
your snort.conf and the command you use to run Snort so we can take a look.

 

Please keep the posts on the list.

 

YM

  _____  

From: jake at ...17053... <mailto:jake at ...17053...> 
To: snort at ...15979... <mailto:snort at ...15979...> 
Subject: IPS using DAQ AFPacket problems
Date: Wed, 31 Dec 2014 14:45:05 -0700

I successfully setup snort using one of the guides on snort.org. I was
trying to now turn it into an inline IPS using the Snort IPS using DAQ
AFPacket guide and it is not working. I followed all the steps to no avail.
I have done some poking around the internet but have not been able to find
anyone who can help me with my problem. Where would you recommend I go for
help. Thank you.

 

Jake Hann

Information Technician

Heartland Pharmacy

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150112/b03fa800/attachment.html>


More information about the Snort-users mailing list