Snort mailing list archives
Re: Snort 3 Permissions
From: Russ via Snort-users <snort-users () lists snort org>
Date: Sat, 15 Jul 2017 18:05:39 -0400
Using sudo is the correct thing to do there. We'll note that in the manual.

Thanks
Russ

On 7/15/17 4:58 PM, Jim Campbell wrote:
I am going through the Snort 3 User Manual with the goal to learn how Snort 3 works. I've hit a small bump in the road.

Early in the "First Steps" section it says to do: "snort -r a.pcap -L dump". My version of this is: "/opt/snort/bin/snort -r ./pcaps/ie_aurora_exploitWin2k3.pcap -L dump".

= --------------------------------------------------
= o")~ Snort++ 3.0.0-a4-237
= --------------------------------------------------
= --------------------------------------------------
= pcap DAQ configured to read-file.
= Commencing packet processing
= ++ [0] ./pcaps/ie_aurora_exploitWin2k3.pcap
= pkt:1

The next example is: "snort -i eth0 -L dump". My version: /opt/snort/bin/snort -i enp0s25 -L dump

= pcap DAQ configured to passive.
= Commencing packet processing
= ++ [0] enp0s25
= Can't start DAQ (-1) - socket: Operation not permitted
= Analyzer: Failed to start DAQ instance
= -- [0] enp0s25

However, if I do this it works: "sudo /opt/snort/bin/snort -i enp0s25 -L dump".

= pcap DAQ configured to passive.
= Commencing packet processing
= ++ [0] enp0s25
= pkt:1
= eth(DLT): 20:1A:06:D6:4A:3A -> 01:00:5E:7F:FF:FA type:0x0800
= ipv4(0x0800): 192.168.0.10 -> 239.255.255.250
= Next:0x11 TTL:4 TOS:0x0 ID:16834 IpLen:20 DgmLen:129
= udp(0x11): SrcPort:55029 DstPort:1900 Len:101

Searching the internet I find a recommendation to set up a LD_LIBRARY_PATH pointing to /usr/local/lib. Doesn't help.

"/opt/snort/bin/snort -u snort -g snort -i enp0s25 -L dump" doesn't work either.

Obviously I have a permissions problem but I don't want to go around changing permissions willy-nilly.

Suggestions will be much appreciated.

Jim