[Oisf-users] Suricata doesn't load with a dummy interface
Victor Julien
lists at inliniac.net
Wed Apr 26 14:17:32 UTC 2017
On 26-04-17 16:15, Carlos Terrón Bueno wrote:
> I’m trying to use suricata with a dummy interface (I’m going to inject traffic over), so I load suricata with:
>
> root@ufo:/etc/suricata/rules# suricata -c /etc/suricata/suricata.yaml -i dummy0
>
> But it fails:
>
> 26/4/2017 -- 14:13:46 - <Notice> - This is Suricata version 3.2.1 RELEASE
> 26/4/2017 -- 14:14:10 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
> 26/4/2017 -- 14:14:10 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
> 26/4/2017 -- 14:14:10 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
> 26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
> 26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
> 26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-dummy0 failed
>
> I’m using the af-packet capture. Does this mode work with a dummy interface?

Does it work when you use the following command?

    suricata -c /etc/suricata/suricata.yaml --pcap=dummy0

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------