Snort mailing list archives

Re: Snort on Linux Help


From: John Sage <jsage () finchhaven com>
Date: Mon, 26 Nov 2001 08:16:51 -0800

David:

David Wilkeson wrote:

I'm running Redhat which was preinstalled on a new Dell server. libpcap was installed, but when it didn't work I removed it and installed various versions myself.


What "various versions"?

The only version worth bothering with is at: http://www.tcpdump.org/

and is libpcap-0.6.2.tar.gz

None of them work.



What do you mean? They won't compile? They won't install?

They compile and install, but then what?

You *really* need to be more specific about what you've got, and what's happening, for someone to be able to help you...


Do some net cards not support promiscuous mode even when the syslog reports them going into promiscuous mode?


promiscuous mode isn't necessary for tcpdump/libpcap to "work" -- it just lets you see more than you might otherwise..

If "ifconfig -a" says the particular interface you're talking about is in promiscuous mode, I'd be willing to bet that it *is*..

What's the output from "uname -a"?

What's the output from "tcpdump -V" if that's working at all...?


- John


At 02:22 PM 11/21/2001 -0800, you wrote:

OK, what flavor of Linux distribution are you running? Have you built
your own kernel or are you using the 'stock' one? RedHat, Mandrake and
Slackware all seem to properly support libpcap right out of the box...

In any case - until either tcpdump or ethereal work (both use libpcap)
you won't get anywhere with snort...




