snort3 / snort3


Problem running snort as IPS with AFPacket #108

Closed sakas23 closed 4 years ago

sakas23 commented 4 years ago

Hello GitHub community,

I've installed Snort on an Ubuntu 18.04 server.

I've tested it as IDS and it works fine.

I am trying to test it as IPS, but I get an error when I type this command:

"sudo snort -c /etc/snort/snort.conf -i enp0s3 -Q -A console -q"

The error is: "Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize: Invalid interface specification: 'enp0s3'!. Fatal error. Quitting."

I've specified in snort.conf file for the inline mode the following:

    config daq: afpacket
    config daq_dir: /usr/local/lib/daq
    config daq_mode: inline
    config daq_var: buffer_size_mb=128

Any help is appreciated.

Thank you in advance.

Xiche commented 4 years ago

This issue tracker is for Snort 3 (you're using Snort 2). For usage help, please use the mailing lists (https://snort.org/community#mailing_lists). As a one time bonus, your problem is that you put Snort (and thus AFPacket) in inline mode (-Q) but didn't give the AFPacket DAQ module a valid interface pair.

sakas23 commented 4 years ago

Hello Xiche,

Thank you for your reply, and I apologize, I didn't notice that, to be honest.

I am just trying to find a solution to this problem and I can't.

So what I need to do is create a new network interface in the server?

And maybe could you enlighten me on how to do this?

Thanks in advance

rdpmc commented 4 years ago

For afpacket inline mode you need 2 interfaces on your server, and you specify them in snort conf in this format: IFACE1:IFACE2 (replace with your iface names).

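The interface-pair requirement described in the replies above, as an added example that is not part of the original thread: a preflight check that rejects a single interface such as `enp0s3` before Snort is started with `-Q`. It assumes a Linux host exposing interfaces under `/sys/class/net`; the function names and the `SYSFS_NET` override are hypothetical, and only a single IFACE1:IFACE2 pair is handled.

```shell
#!/bin/sh
# Added example (not from the thread): validate an afpacket inline
# interface spec before launching Snort with -Q.
# SYSFS_NET is a hypothetical override so the check can run offline.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# check_inline_pair SPEC
# Returns 0 if SPEC is IFACE1:IFACE2 naming two different, existing
# interfaces; otherwise prints the reason and returns non-zero.
check_inline_pair() {
    spec="$1"
    case "$spec" in
        *:*:*) echo "more than one ':' in '$spec' (single pair only)"; return 2 ;;
        *:*)   ;;
        *)     echo "'$spec' is one interface; inline needs IFACE1:IFACE2"; return 1 ;;
    esac
    first="${spec%%:*}"
    second="${spec#*:}"
    if [ -z "$first" ] || [ -z "$second" ]; then
        echo "empty interface name in '$spec'"; return 2
    fi
    if [ "$first" = "$second" ]; then
        echo "both sides of the pair are '$first'; 2 interfaces are needed"; return 3
    fi
    for ifc in "$first" "$second"; do
        if [ ! -e "$SYSFS_NET/$ifc" ]; then
            echo "interface '$ifc' does not exist on this host"; return 4
        fi
    done
    return 0
}

# snort_inline_cmd SPEC
# Prints the command from the original post with the pair substituted
# for the single interface, or fails with check_inline_pair's status.
snort_inline_cmd() {
    check_inline_pair "$1" || return $?
    echo "snort -c /etc/snort/snort.conf -i $1 -Q -A console -q"
}

# When run directly with an argument, e.g. ./preflight.sh enp0s3:enp0s8
if [ $# -gt 0 ]; then snort_inline_cmd "$1"; fi
```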

sakas23 commented 4 years ago

Hello rdpmc,

Thank you for your reply.

So now I have only one: enp0s3.

Is it possible to create a new one in the same machine?

And my other question is: where do I specify the interface in snort.conf?

Because when I was using Snort as IDS I didn't do this.

Thanks in advance.

narlaKrishnareddy commented 1 year ago

I am also facing the same issue. Can anyone who has an idea please give an answer?

Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize: Invalid interface specification: 'enp0s8'! Fatal Error, Quitting