I have the same problem. Maybe it's a problem related with some kind of permissions because if you run snort with root privileges (-u root, this is not a good idea) it works fine.
Suggestions? Regards El 06/10/2011, a las 15:36, Peter Bates escribió: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Hello all... > > Apologies for this being a bit of a cross mailing-list problem - if > the trouble doesn't lie with PF_RING then I'll post to snort-users. > > I've been following (linked from the ntop blog): > http://www.metaflows.com/technology/pf-ring/ > > However I built DAQ-0.6.1 and PF_RING from SVN. > > When I try and invoke snort: > > snort -A console -u snort -g snort -c /etc/snort/snort.conf --daq > pfring -i eth0 > > I see (edited): > > pfring DAQ configured to passive. > Acquiring network traffic from "eth0". > Reload thread starting... > Reload thread started, thread 0x9bce7b70 (20401) > Set gid to 504 > Set uid to 504 > > --== Initialization Complete ==-- > > ,,_ -*> Snort! <*- > o" )~ Version 2.9.1 IPv6 GRE (Build 71) > '''' By Martin Roesch & The Snort Team: > http://www.snort.org/snort/snort-team > Commencing packet processing (pid=20401) > Decoding Ethernet > ERROR: Can't start DAQ (-1) - pfring_open(): unable to open device > 'eth0'. Please use -i <device>! > Fatal Error, Quitting.. > > PF_RING is loaded: > [2080100.858492] [PF_RING] Welcome to PF_RING 5.1.0 ($Revision: 4899$) > [2080100.858494] (C) 2004-11 L.Deri <[email protected]> > [2080100.877720] [PF_RING] registered /proc/net/pf_ring/ > [2080100.887510] NET: Registered protocol family 27 > [2080100.916421] [PF_RING] Min # ring slots 4096 > [2080100.927643] [PF_RING] Slot version 13 > [2080100.938711] [PF_RING] Capture TX Yes [RX+TX] > [2080100.949621] [PF_RING] Transparent Mode 0 > [2080100.960385] [PF_RING] IP Defragment No > [2080100.971211] [PF_RING] Initialized correctly > > Any suggestions appreciated! > > - -- > Peter Bates > Senior Computer Security Officer Phone: +44(0)2076792049 > Information Services Division Internal Ext: 32049 > University College London > London WC1E 6BT > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.17 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJOja7GAAoJELhVoVpEMS6Rb6YIAL7GwNoCJzWATfvSL1LyWLPG > I3zbwuDKESIBjGjxRgW+vpH+hR4bByxmiC5MFXoGYYKWHDdA1Mu6ED6MWdQCkWRA > VOQiqR0NN071ceKvY7kg+UVrFug6oAHb2hRyRo3U31YZsXen+k5TXFqpffBxa4Vj > hzz9SrLknTMvlrXtLpoEWeA3Yoq3mlrHDn6SWdVcTpSXJPGURMHXBBArd89epIXr > kNaVMGUY95QJzSbgG/3+rJh275s/tohVD/pkzwITytqFQ7e036NoFlwBeteVNXHD > p/dromYmrNEfZn4SN5sqMOIsp+2YFfh2THADaupsxH6TNHO5dDAZPF9iZ50mOgk= > =otnr > -----END PGP SIGNATURE----- > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
