Snort mailing list archives
Re: ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device!
From: Marcos Rodriguez <marcos.e.rodriguez () gmail com>
Date: Tue, 23 Oct 2012 17:02:58 -0400
On Mon, Oct 22, 2012 at 1:23 PM, <jtravlos () rsignia com> wrote:
I'm a newbie with SNORT and I got it running, sort of. I am having two issues: 1) I did having SNORT working. I had to shutdown the system, when I rebooted, I started getting the following problem when I run SNORT. When I run the following commmand: snort -u snort -g snort -i dag0:0 -c /etc/snort/snort.conf NOTE:(dag0:0 = port A of the DAG card, dag0:2 = port B) Initializing Output Plugins! Log Directory = /data/snortlog pcap DAQ configured passive. Acquiring network traffic from 'dag0:0". ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device! Fatal Error, Quiting.. I get the same error if I run: snort -u snort -g snort -i dag0:0 I can capture data with a Endace DAG card. Tcpdump can see the DAG card and an capture traffic. Any help is appreciated. John Travlos
Hi John, I noticed you mentioned tcpdump was working with your DAG card, but I'll risk asking anyway: When you compiled Snort, did you point it to your DAG-enabled pcap library during the ./configure process? Also, you can find a DAG DAQ over here, and works with DAG's native ERF format I believe. https://github.com/SgtMalicious/Endace-DAQ-Module marcos
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device! jtravlos (Oct 19)
- <Possible follow-ups>
- ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device! jtravlos (Oct 22)
- Re: ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device! Marcos Rodriguez (Oct 23)
- Re: ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device! John Travlos, Jr. (Oct 24)
- Re: ERROR: Can't start DAQ (-1) - SIOCGIFHWADDR: No such device! Marcos Rodriguez (Oct 23)