[Oisf-users] [EXT] Re: Suricata doesn't load with a dummy interface

Carlos Terrón Bueno cterron at alienvault.com
Wed Apr 26 14:20:06 UTC 2017


Hi Victor

No, it doesn’t work

root at ufo:/etc/suricata/rules# suricata -c /etc/suricata/suricata.yaml --pcap=dummy0
26/4/2017 -- 14:18:58 - <Notice> - This is Suricata version 3.2.1 RELEASE
26/4/2017 -- 14:19:23 - <Warning> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Name of device should not be null
26/4/2017 -- 14:19:23 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:19:23 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:19:23 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:19:23 - <Error> - [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error That device is not up
26/4/2017 -- 14:19:23 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01-(null)" closed on initialization.
26/4/2017 -- 14:19:23 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting…



On 26 Apr 2017, at 16:17, Victor Julien <lists at inliniac.net> wrote:

On 26-04-17 16:15, Carlos Terrón Bueno wrote:
I’m trying to use Suricata with a dummy interface (I’m going to inject traffic over it), so I load Suricata with:

root at ufo:/etc/suricata/rules# suricata -c /etc/suricata/suricata.yaml -i dummy0

But it fails

26/4/2017 -- 14:13:46 - <Notice> - This is Suricata version 3.2.1 RELEASE
26/4/2017 -- 14:14:10 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:14:10 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:14:10 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-dummy0 failed

I’m using the af-packet capture. Does this node work with a dummy interface?

Does it work when you use the following command?

suricata -c /etc/suricata/suricata.yaml --pcap=dummy0

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
