Snort mailing list archives

Re: IPS using DAQ AFPacket problems


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 12 Jan 2015 23:00:51 +0000

The command should be:

sudo /usr/local/bin/snort -A console -u snort -u snort -c /etc/snort/snort.conf  --daq afpacket -i eth0:eth1


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Jake Hann [mailto:jake () pharmeaserx com]
Sent: Monday, January 12, 2015 5:16 PM
To: 'Y M'
Cc: 'snort-users'
Subject: Re: [Snort-users] IPS using DAQ AFPacket problems

Okay, I have my environment set up again. I am running this command to test and debug:

sudo /usr/local/bin/snort -A console -u snort -u snort -c /etc/snort/snort.conf -i eth0:eth1 -Q

Once it gets to Decoding Ethernet, snort just dies. I haven't been able to figure out why. Thanks for your help.

From: Y M [mailto:snort () outlook com]
Sent: Thursday, January 01, 2015 1:15 AM
To: Jake Hann
Cc: snort-users
Subject: RE: IPS using DAQ AFPacket problems


What exactly is not working? Are you receiving any sort of errors? Please share your snort.conf and the command you use to 
run Snort so we can take a look.

Please keep the posts on the list.

YM
________________________________
From: jake () pharmeaserx com
To: snort () outlook com
Subject: IPS using DAQ AFPacket problems
Date: Wed, 31 Dec 2014 14:45:05 -0700
I successfully set up snort using one of the guides on snort.org. I was trying to now turn it into an inline IPS using 
the Snort IPS using DAQ AFPacket guide and it is not working. I followed all the steps to no avail. I have done some 
poking around the internet but have not been able to find anyone who can help me with my problem. Where would you 
recommend I go for help? Thank you.

Jake Hann
Information Technician
Heartland Pharmacy
