Re: Network Interface Issue in Ubuntu 16.04

[James Lay <jlay () slave-tothe-box net>]

Ah...ok...in the snort source dir, read doc/README.daq.  And, from the
daq README:
AFPACKET Module
===============
afpacket functions similar to the pcap DAQ but with better performance:
    ./snort --daq afpacket -i <device>
            [--daq-var buffer_size_mb=<#MB>]
            [--daq-var debug]
If you want to run afpacket in inline mode, you must craft the device
string as
one or more interface pairs, where each member of a pair is separated
by a
single colon and each pair is separated by a double colon like this:
    eth0:eth1
or this:
    eth0:eth1::eth2:eth3
inline requires a pair of interfaces.
James
On Sat, 2017-02-18 at 19:48 +0700, tantioification . wrote:
> Yes of course i have set it for inline mode.
>
>
>
> On Sat, Feb 18, 2017 at 7:21 PM, James Lay <jlay () slave-tothe-box net>
> wrote:
> > What's your snort.conf look like?  Looks like you have it set for
> > inline.
> >
> > James
> >
> > On Sat, 2017-02-18 at 08:42 +0700, tantioification . wrote:
> > > Like your suggestion
> > >
> > > snort -T -c <my file snort.conf> -i <my interface enp4s0>
> > >
> > > root@snortIDS:/home/adminids# snort -T -c /etc/snort/snort.conf
> > > -i enp4s0
> > > Running in Test mode
> > >
> > >         --== Initializing Snort ==--
> > > Initializing Output Plugins!
> > > Initializing Preprocessors!
> > > Initializing Plug-ins!
> > > Parsing Rules file "/etc/snort/snort.conf"
> > >
> > >
> > > On Sat, Feb 18, 2017 at 8:21 AM, James Lay 
> > > net> wrote:
> > > > What's your start line?
> > > >
> > > > On Sat, 2017-02-18 at 07:52 +0700, tantioification . wrote:
> > > > > Same as before, invalid interface error.
> > > > >
> > > > > afpacket DAQ configured to inline.
> > > > > ERROR: Can't initialize DAQ afpacket (-1) -
> > > > > afpacket_daq_initialize: Invalid interface specification:
> > > > > 'enp4s0'!
> > > > > Fatal Error, Quitting..
> > > > >
> > > > > -----------------------------------------------------------
> > > > > -------------------
> > > > > Check out the vibrant tech community on one of the world's
> > > > > most
> > > > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users () lists sourceforge net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort
> > > > > -users
> > > > >
> > > > > Please visit http://blog.snort.org to stay current on all the
> > > > > latest Snort news!
> -------------------------------------------------------------------
> -----------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!