Snort mailing list archives
Re: PPPoE problem with Snort on OpenBSD 4.7.
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 9 Aug 2010 16:16:54 -0400
On Mon, Aug 9, 2010 at 3:07 PM, Schrodinger <schrodinger () konundrum org>wrote:
Hello, I have a problem running Snort on OpenBSD 4.7 with a pppoe interface. I contacted the maintainer of the port and he suggested I bring my problem to this mailing list. I am running Snort Version 2.8.4.1 (Build 38) on OpenBSD 4.7. # uname -a OpenBSD supai 4.7 GENERIC#558 i386 # # pkg_info | fgrep -i snort oinkmaster-2.0 update your Snort rules snort-2.8.4.1-mysql highly flexible sniffer/NIDS # When I try to start snort on the external interface of my firewall I am getting: # snort -c /etc/snort/snort.conf -i pppoe0 -v [...] Initializing Network Interface pppoe0 snort cannot handle data link type 51 # I have made very little changes to the snort.conf so I do not believe that is the problem. I am using this ADSL card here: http://traverse.kd85.com/ "Traverse Viking PCI ADSL2+ Modem Card" From what I can tell the problem is that in src/snort.c there is no support for 'DLT_PPP_ETHER'. I believe you nailed this one. Not sure how back the problem goes, but the
fix will be in Snort 2.9.0. If you are comfortable reading source, hopefully you can download the latest tarball and build from there. The fix won't be in that tarball, but it should be in the next. Can you help with this ? If you need any more information please ask.
Many thanks, Conor. -- +---------------------------------------------------------------+ It was a new day yesterday, but it's an old day now. MSN: schro5 () hotmail com ICQ: 112562229 GPG: http://www.konundrum.org/schro.asc ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- PPPoE problem with Snort on OpenBSD 4.7. Schrodinger (Aug 09)
- Re: PPPoE problem with Snort on OpenBSD 4.7. Russ Combs (Aug 09)
- Re: PPPoE problem with Snort on OpenBSD 4.7. Schrodinger (Aug 09)
- Re: PPPoE problem with Snort on OpenBSD 4.7. Russ Combs (Aug 09)
- Re: PPPoE problem with Snort on OpenBSD 4.7. Schrodinger (Aug 09)
- Re: PPPoE problem with Snort on OpenBSD 4.7. Russ Combs (Aug 09)