[Snort-users] Network Interface Issue in Ubuntu 16.04

James Lay jlay at ...13475...
Sat Feb 18 09:34:56 EST 2017


Ah...ok...in the snort source dir, read doc/README.daq.  And, from the
daq README:
AFPACKET Module
===============
afpacket functions similar to the pcap DAQ but with better performance:
    ./snort --daq afpacket -i <device>
            [--daq-var buffer_size_mb=<#MB>]
            [--daq-var debug]
If you want to run afpacket in inline mode, you must craft the device
string as
one or more interface pairs, where each member of a pair is separated
by a
single colon and each pair is separated by a double colon like this:
    eth0:eth1
or this:
    eth0:eth1::eth2:eth3
inline requires a pair of interfaces.
James
On Sat, 2017-02-18 at 19:48 +0700, tantioification . wrote:
> Yes of course i have set it for inline mode.
> 
> 
> 
> On Sat, Feb 18, 2017 at 7:21 PM, James Lay <jlay at ...13475...>
> wrote:
> > What's your snort.conf look like?  Looks like you have it set for
> > inline.
> > 
> > James
> > 
> > On Sat, 2017-02-18 at 08:42 +0700, tantioification . wrote:
> > > Like your suggestion
> > > 
> > > snort -T -c <my file snort.conf> -i <my interface enp4s0>
> > > 
> > > root at ...17791...:/home/adminids# snort -T -c /etc/snort/snort.conf
> > > -i enp4s0
> > > Running in Test mode
> > > 
> > >         --== Initializing Snort ==--
> > > Initializing Output Plugins!
> > > Initializing Preprocessors!
> > > Initializing Plug-ins!
> > > Parsing Rules file "/etc/snort/snort.conf"
> > > 
> > > 
> > > On Sat, Feb 18, 2017 at 8:21 AM, James Lay 
> > > net> wrote:
> > > > What's your start line?
> > > > 
> > > > On Sat, 2017-02-18 at 07:52 +0700, tantioification . wrote:
> > > > > Same as before, invalid interface error.
> > > > > 
> > > > > afpacket DAQ configured to inline.
> > > > > ERROR: Can't initialize DAQ afpacket (-1) -
> > > > > afpacket_daq_initialize: Invalid interface specification:
> > > > > 'enp4s0'!
> > > > > Fatal Error, Quitting..
> > > > > 
> > > > > -----------------------------------------------------------
> > > > > -------------------
> > > > > Check out the vibrant tech community on one of the world's
> > > > > most
> > > > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users at lists.sourceforge.net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort
> > > > > -users
> > > > > 
> > > > > Please visit http://blog.snort.org to stay current on all the
> > > > > latest Snort news!
> -------------------------------------------------------------------
> -----------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170218/8ddfe5f9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2017-02-18_194806.png
Type: image/png
Size: 30114 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170218/8ddfe5f9/attachment.png>


More information about the Snort-users mailing list