Do the Following command :

Running inline Snort

ifconfig eth1 promisc up
ifconfig eth2 promisc up
snort --daq afpacket -i eth1:eth2 -Q -c snort.conf

where eth<value> or other internet card can be found by ‘ifconfig’ command line

then I downloaded the snort.conf then I rename the file for launch the last down command line !

That return this :

snort --daq afpacket -i enp5s0 -Q -c snort.confEnabling inline operation

Running in IDS mode

 

        --== Initializing Snort ==--

Initializing Output Plugins!

Initializing Preprocessors!

Initializing Plug-ins!

Parsing Rules file "snort.conf"

PortVar 'HTTP_PORTS' defined :  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1812 1830 1942 2231 2301 2381 2578 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5450 5600 5814 6080 6173 6988 7000:7001 7005 7071 7144:7145 7510 7770 7777:7779 8000:8001 8008 8014:8015 8020 8028 8040 8080:8082 8085 8088 8090 8118 8123 8180:8182 8222 8243 8280 8300 8333 8344 8400 8443 8500 8509 8787 8800 8888 8899 8983 9000 9002 9060 9080 9090:9091 9111 9290 9443 9447 9710 9788 9999:10000 11371 12601 13014 15489 19980 29991 33300 34412 34443:34444 40007 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]

PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]

PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]

PortVar 'SSH_PORTS' defined :  [ 22 ]

PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]

PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]

PortVar 'FILE_DATA_PORTS' defined :  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1812 1830 1942 2231 2301 2381 2578 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5450 5600 5814 6080 6173 6988 7000:7001 7005 7071 7144:7145 7510 7770 7777:7779 8000:8001 8008 8014:8015 8020 8028 8040 8080:8082 8085 8088 8090 8118 8123 8180:8182 8222 8243 8280 8300 8333 8344 8400 8443 8500 8509 8787 8800 8888 8899 8983 9000 9002 9060 9080 9090:9091 9111 9290 9443 9447 9710 9788 9999:10000 11371 12601 13014 15489 19980 29991 33300 34412 34443:34444 40007 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]

PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]

Detection:

   Search-Method = AC-Full-Q

    Split Any/Any group = enabled

    Search-Method-Optimizations = enabled

    Maximum pattern length = 20

ERROR: ./classification.config(0) Unable to open rules file "./classification.config": No such file or directory.

 

Fatal Error, Quitting..

 

Finaly I downloaded the classification config file but too I give execute right then same error…

Thank you in advance to repair my inline mode,

Regards.


Dorian ROSSE.