[Snort-users] IPS using DAQ AFPacket problems

Jake Hann jake at ...17053...
Mon Jan 12 18:09:23 EST 2015

I was given the impression that that command parameter was only needed if
you didn't add the information in the commandline. Regardless I have
uncovered a message saying snort was terminated for lack of memory. I will
work on that and try commands again. Thanks all. 


From: Al Lewis (allewi) [mailto:allewi at ...589...] 
Sent: Monday, January 12, 2015 4:01 PM
To: Jake Hann; 'Y M'
Cc: 'snort-users'
Subject: RE: [Snort-users] IPS using DAQ AFPacket problems


The command should be:


sudo /usr/local/bin/snort -A console -u snort -u snort -c
/etc/snort/snort.conf  --daq afpacket -i eth0:eth1 



Albert Lewis

QA Software Engineer

SOURCEfire, Inc. now part of Cisco

9780 Patuxent Woods Drive
Columbia, MD 21046 

Phone: (office) 443.430.7112

Email: allewi at ...589... <mailto:allewi at ...589...>  


From: Jake Hann [mailto:jake at ...17053...] 
Sent: Monday, January 12, 2015 5:16 PM
To: 'Y M'
Cc: 'snort-users'
Subject: Re: [Snort-users] IPS using DAQ AFPacket problems


Okay, I have my environment setup again. I am running this command to test
and debug: 


sudo /usr/local/bin/snort -A console -u snort -u snort -c
/etc/snort/snort.conf -i eth0:eth1 -Q


One it gets to Decoding Ethernet, snort just dies. I haven't been able to
figure out why. Thanks for your help.


From: Y M [mailto:snort at ...15979...] 
Sent: Thursday, January 01, 2015 1:15 AM
To: Jake Hann
Cc: snort-users
Subject: RE: IPS using DAQ AFPacket problems





What exactly not working? Are you receiving any sort of errors? Please share
your snort.conf and the command you use to run Snort so we can take a look.


Please keep the posts on the list.




From: jake at ...17053... <mailto:jake at ...17053...> 
To: snort at ...15979... <mailto:snort at ...15979...> 
Subject: IPS using DAQ AFPacket problems
Date: Wed, 31 Dec 2014 14:45:05 -0700

I successfully setup snort using one of the guides on snort.org. I was
trying to now turn it into an inline IPS using the Snort IPS using DAQ
AFPacket guide and it is not working. I followed all the steps to no avail.
I have done some poking around the internet but have not been able to find
anyone who can help me with my problem. Where would you recommend I go for
help. Thank you.


Jake Hann

Information Technician

Heartland Pharmacy


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150112/b03fa800/attachment.html>

More information about the Snort-users mailing list