Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort in IPS mode

From: Michael Altizer <xiche () verizon net>
Date: Sun, 15 May 2011 22:27:33 -0400
On 05/15/2011 08:09 PM, turki wrote:

Hi,
I am new to snort, so i need help here.

I am trying to run snort in inline mode with the following command:
snort -Q --daq afpacket -i eth0 -c snort.conf

but snort initialization keeps failing with error message:

afpacket DAQ configured to inline.
ERROR: Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize: Invalid interface specification: 'eth0'! 
Fatal Error, Quitting..
In order to have an inline deployment you need at least one pair of interfaces for the traffic to flow through. To that end, you need to specify a second interface for AFPacket to use to complete the bridge. 

For example:
snort -Q --daq afpacket -i eth0:eth1 -c snort.conf

or (two inline pairs):

snort -Q --daq afpacket -i eth0:eth1::eth2:eth3 -c snort.conf

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: