Snort mailing list archives

Re: Snort 3 Permissions


From: Russ via Snort-users <snort-users () lists snort org>
Date: Sat, 15 Jul 2017 18:05:39 -0400

Using sudo is the correct thing to do there.  We'll note that in the manual.

Thanks
Russ

On 7/15/17 4:58 PM, Jim Campbell wrote:
I am going through the Snort 3 User Manual with the goal to learn how Snort 3 works. I've hit a small bump in the road.

Early in the "First Steps" section it says to do: "snort -r a.pcap -L dump". My version of this is: "/opt/snort/bin/snort -r ./pcaps/ie_aurora_exploitWin2k3.pcap -L dump".
= --------------------------------------------------
= o")~   Snort++ 3.0.0-a4-237
= --------------------------------------------------
= --------------------------------------------------
= pcap DAQ configured to read-file.
= Commencing packet processing
= ++ [0] ./pcaps/ie_aurora_exploitWin2k3.pcap
= pkt:1

The next example is: "snort -i eth0 -L dump". My version: /opt/snort/bin/snort -i enp0s25 -L dump
= pcap DAQ configured to passive.
= Commencing packet processing
= ++ [0] enp0s25
= Can't start DAQ (-1) - socket: Operation not permitted
= Analyzer: Failed to start DAQ instance
= -- [0] enp0s25

However, if I do this it works: "sudo /opt/snort/bin/snort -i enp0s25 -L dump".
= pcap DAQ configured to passive.
= Commencing packet processing
= ++ [0] enp0s25
= pkt:1
= eth(DLT):  20:1A:06:D6:4A:3A -> 01:00:5E:7F:FF:FA type:0x0800
= ipv4(0x0800):  192.168.0.10 -> 239.255.255.250
=         Next:0x11 TTL:4 TOS:0x0 ID:16834 IpLen:20 DgmLen:129
= udp(0x11):  SrcPort:55029 DstPort:1900 Len:101

Searching the internet I find a recommendation to set up a LD_LIBRARY_PATH pointing to /usr/local/lib. Doesn't help.

"/opt/snort/bin/snort -u snort -g snort -i enp0s25 -L dump" doesn't work either.

Obviously I have a permissions problem but I don't want to go around changing permissions willy-nilly.

Suggestions will be much appreciated.

Jim
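
The failure in this thread, shown as an added example that is not part of the original messages: on Linux, opening the packet socket that live capture needs requires the CAP_NET_RAW capability, which a root process normally holds and a regular user's process does not, hence "socket: Operation not permitted" without sudo. This POSIX shell sketch reads the effective capability mask (CapEff) from /proc status text; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: does a process hold CAP_NET_RAW,
# the Linux capability needed to open the packet socket used for live capture?
CAP_NET_RAW_BIT=13   # capability number from <linux/capability.h>

# capeff_from_status: /proc/<pid>/status text on stdin -> prints the CapEff mask.
capeff_from_status() {
    awk '$1 == "CapEff:" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# has_cap_net_raw MASK: status 0 if bit 13 is set, 1 if clear, 2 if MASK is not hex.
has_cap_net_raw() {
    mask=${1#0x}
    case $mask in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$mask >> CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

# capture_verdict: status text on stdin -> one-line verdict; status 0 only when
# CAP_NET_RAW is in the effective set.
capture_verdict() {
    capeff=$(capeff_from_status) || { echo "unknown: no CapEff line"; return 2; }
    if has_cap_net_raw "$capeff"; then
        echo "ok: CAP_NET_RAW present (CapEff=$capeff)"
    else
        echo "denied: CAP_NET_RAW missing (CapEff=$capeff)"
        return 1
    fi
}

# Constructed samples: a regular user's shell and a root shell.
SAMPLE_USER='Name: bash
Uid: 1000 1000 1000 1000
CapEff: 0000000000000000'
SAMPLE_ROOT='Name: bash
Uid: 0 0 0 0
CapEff: 000001ffffffffff'

printf '%s\n' "$SAMPLE_USER" | capture_verdict || true
printf '%s\n' "$SAMPLE_ROOT" | capture_verdict || true
# Live check of the current shell, where /proc is available.
if [ -r "/proc/$$/status" ]; then
    capture_verdict < "/proc/$$/status" || true
fi
```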

