Snort mailing list archives
Re: Snort in IPS mode
From: turki <turki_00 () yahoo com>
Date: Mon, 16 May 2011 06:42:39 -0700 (PDT)
What if I only have single interface card "eth0" ?
can I redirect/pair the traffic to itself (i know it is kind of silly statement)
something like this:
snort -Q --daq afpacket -i eth0:eth0 -c snort.conf
--- On Mon, 5/16/11, Michael Altizer <xiche () verizon net> wrote:
From: Michael Altizer <xiche () verizon net>
Subject: Re: [Snort-users] Snort in IPS mode
To: snort-users () lists sourceforge net
Received: Monday, May 16, 2011, 6:27 AM
On 05/15/2011 08:09 PM, turki wrote:
Hi,
I am new to snort, so i need help here.
I am trying to run snort in inline mode with the following
command:
snort -Q --daq afpacket -i eth0 -c snort.conf
but snort initialization keeps failing with error message:
afpacket DAQ configured to inline.
ERROR: Can't initialize DAQ afpacket (-1) -
afpacket_daq_initialize: Invalid interface specification:
'eth0'!
Fatal Error, Quitting..
In order to have an inline deployment you need at least one pair of
interfaces for the traffic to flow through. To that end, you need
to specify a second interface for AFPacket to use to complete the
bridge.
For example:
snort -Q --daq afpacket -i eth0:eth1 -c snort.conf
or (two inline pairs):
snort -Q --daq afpacket -i eth0:eth1::eth2:eth3 -c snort.conf
-----Inline Attachment Follows-----
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
-----Inline Attachment Follows-----
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort in IPS mode turki (May 15)
- Re: Snort in IPS mode Michael Altizer (May 15)
- Re: Snort in IPS mode turki (May 16)
- Re: Snort in IPS mode Michael Altizer (May 16)
- Re: Snort in IPS mode turki (May 16)
- Re: Snort in IPS mode Jason Brvenik (May 18)
- Re: Snort in IPS mode turki (May 16)
- Re: Snort in IPS mode Will Metcalf (May 16)
- Re: Snort in IPS mode turki (May 17)
- Re: Snort in IPS mode Will Metcalf (May 17)
- Re: Snort in IPS mode turki (May 17)
- Re: Snort in IPS mode Russ Combs (May 17)
- Re: Snort in IPS mode turki (May 17)
- Re: Snort in IPS mode turki (May 16)
- Re: Snort in IPS mode Michael Altizer (May 15)