Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: snort on an old FreeBSD box (builds but won't r un)

From: Chris Arnold <chris.arnold () WheelHouse com>
Date: Tue, 19 Mar 2002 09:37:47 -0500
bash-2.05$ ifconfig -a
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.1.14.245 netmask 0xfffffe00 broadcast 10.1.15.255
        ether 00:90:27:45:cf:f7 
        media: autoselect
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 

As you can see there is currently an IP address bound to the interface.  I'm
using this for basic connectivity while I set this thing up.  When/if I get
it working the interface will be plumbed up with no address.

Chris

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Monday, March 18, 2002 17.39
To: Chris Arnold; snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort on an old FreeBSD box (builds but won't
r un)


What's your 'ifconfig -a' look like?


On 3/18/02 4:11 PM, "Chris Arnold" <chris.arnold () WheelHouse com> wrote:


Nope.  I just built snort 1.8.4 (debugging enabled this time) with libpcap
0.7.1 and libnet 1.0.2a.    Everything builds nicely.  It will execute
without a segfault but just doesn't work.  At least it's running nicely on
Solaris for me :)

Chris

# snort -v 
snort.c:681: Parsing command line...
snort.c:701: Processing cmd line switch: v
snort.c:1165: Verbose Flag active
Failed to lookup for interface: SIOCGIFCONF: Operation not supported.

Please

specify one with -i switch
Fatal Error, Quitting..
# snort -v -i fxp0
snort.c:681: Parsing command line...
snort.c:701: Processing cmd line switch: v
snort.c:1165: Verbose Flag active
snort.c:701: Processing cmd line switch: i
snort.c:895: Interface = fxp0
snort.c:1251: pcap_cmd is NULL
Log directory = /var/log/snort
snort.c:172: Opening interface: fxp0

Initializing Network Interface fxp0
snaplength info: set=1514/compiled=1514/wanted=0
ioctl(SIOC*MTU): Operation not supported
Automagic MTU discovery failed. Using default 1500ERROR: OpenPcap() device
fxp0 open: 
      BIOCSETIF: fxp0: Invalid argument
Fatal Error, Quitting..

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]
Sent: Monday, March 18, 2002 10:31 AM
To: Chris Arnold; snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort on an old FreeBSD box (builds but won't
run)


That's really weird, try it without the -I option.  From the error message
it looks like it's trying to go into readback mode (like you had used the

-r

switch).  Try just snort -v and see what happens.

   -Marty


On 3/18/02 1:00 AM, "Chris Arnold" <chris.arnold () WheelHouse com> wrote:


Hi, all.  I had a whim to build snort 1.8.3 (with libpcap 0.7.1) for an

old

FreeBSD box.  Everything compiles nicely but running is a different

story:


# snort -v -i fxp0
Log directory = /var/log/snort

Initializing Network Interface fxp0
ioctl(SIOC*MTU): Operation not supported
Automagic MTU discovery failed. Using default 1500ERROR: OpenPcap()

device

fxp0 open: 
      fxp0: Invalid argument
Fatal Error, Quitting..

Rebuild with debugging enabled and report back?  The default tcpdump for

the

box runs without a problem.

Chris

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: