Snort mailing list archives

Re: Bridging issue inline


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Wed, 29 Mar 2017 15:16:29 +0000

How are you starting snort?

There is a debug option if you use --daq-var. 

See the daq readme.

afpacket functions similar to the pcap DAQ but with better performance:

    ./snort --daq afpacket -i <device>
            [--daq-var buffer_size_mb=<#MB>]
            [--daq-var debug]





Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

________________________________________
From: B <dustythepath () gmail com>
Sent: Wednesday, March 29, 2017 12:54 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Bridging issue inline

Hello,
I’m having trouble with the bridging for Snort inline use on a VMware ESXi host.  This is using afpacket inline.

Is there a way to debug the bridge? I have tried all kinds of troubleshooting and command line testing. I get snort up, running in inline mode, but no traffic is seen except what hits one side of the bridge. So, again:

How do you debug, view that the bridge is set up?
Do the DAQ modules need bridging enabled in the kernel, or is it a “software” bridge?

Thanks
Bill

I apologize for hijacking another thread, it was unintentional.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
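
A pre-flight check for the setup discussed in this thread, as an added example that is not part of either message or of the Snort/DAQ distribution. The DAQ README the reply points to requires the afpacket device string for inline mode to be one or more interface pairs (`eth0:eth1`, with pairs joined by `::`); the script validates that string and both bridge members before printing a command line with the debug variable from the reply. The function names and the `SYSFS_NET` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate an afpacket inline device string before starting Snort.
# SYSFS_NET is an assumption of this example; it lets the check run against a
# constructed directory tree instead of the live /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# check_iface NAME: the interface must exist and its link must not be down.
check_iface() {
    ifc="$1"
    if [ ! -d "$SYSFS_NET/$ifc" ]; then
        echo "missing interface: $ifc" >&2; return 1
    fi
    state="$(cat "$SYSFS_NET/$ifc/operstate" 2>/dev/null || echo unknown)"
    if [ "$state" = "down" ]; then
        echo "interface $ifc is down, that side of the bridge sees nothing" >&2
        return 1
    fi
}

# check_inline_spec SPEC: SPEC is "ifA:ifB" or "ifA:ifB::ifC:ifD".
# Prints a snort command line on success, returns non-zero otherwise.
check_inline_spec() {
    spec="$1"
    [ -n "$spec" ] || { echo "empty device string" >&2; return 1; }
    rest="$spec"
    while [ -n "$rest" ]; do
        pair="${rest%%::*}"                      # text before the first "::"
        if [ "$pair" = "$rest" ]; then rest=""; else rest="${rest#*::}"; fi
        case "$pair" in
            *:*:*) echo "bad pair: $pair" >&2; return 1 ;;
            *:*)   ;;
            *)     echo "inline needs a pair ifA:ifB, got: $pair" >&2; return 1 ;;
        esac
        a="${pair%%:*}"; b="${pair#*:}"
        if [ -z "$a" ] || [ -z "$b" ] || [ "$a" = "$b" ]; then
            echo "bad pair: $pair" >&2; return 1
        fi
        check_iface "$a" || return 1
        check_iface "$b" || return 1
    done
    # -Q selects inline mode; "--daq-var debug" is the option from the reply.
    echo "snort -Q --daq afpacket --daq-var debug -i $spec"
}
```

Run `check_inline_spec eth1:eth2` with the two bridge-side interface names; a non-zero exit names the pair or interface that would leave one side of the bridge without traffic.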


