Snort mailing list archives

Re: Snort 1.7 problem with -i any

From: Edwin Chiu <Edwin.Chiu () e-wares com>
Date: Tue, 05 Jun 2001 10:10:16 -0400

Neil Dickey wrote:


Edwin Chiu <Edwin.Chiu () e-wares com> wrote asking:

Checked the archives, didn't really see any resolution on this issue...

Snort 1.7, libpcap 0.6.2, kernel 2.4.4

                             ^^^^^^^^^^^^
I'm running Linux.

Tried this:
[root@orion bin]# ./snort -i any -c ../etc/snort.conf

                              ^^^
[ ... ]


Anything I can do, or should I try out snort 1.8 beta?


You don't specify, but I'm guessing you're running some flavor of unix.

What you're instructing Snort to do on your command line is to open an
interface named "any", and it can't find it.  Normally in unix interface
names look something like "le0" or "hme0" ( I run Solaris. ).  Find out
what the interface you wish to monitor is called and substitute its name
for "any" in your command line.


I'm aware of this, but I was under the impression that libpcap and/or
snort could listen to all interfaces with the "-i any" flag, like 
tcpdump.

Regards,
Edwin

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 1.7 problem with -i any Edwin Chiu (Jun 04)
- <Possible follow-ups>
- Re: Snort 1.7 problem with -i any Neil Dickey (Jun 04)
  - Re: Snort 1.7 problem with -i any Edwin Chiu (Jun 05)
    - Re: Snort 1.7 problem with -i any Fyodor (Jun 05)
- Snort 1.7 problem with -i any Edwin Chiu (Jun 04)
- Re: Snort 1.7 problem with -i any Neil Dickey (Jun 05)