[Oisf-users] [EXT] Re: Suricata doesn't load with a dummy interface
Carlos Terrón Bueno
cterron at alienvault.com
Wed Apr 26 14:23:19 UTC 2017
Oops, my fault. Fixed with
ifconfig dummy0 up ….
On 26 Apr 2017, at 16:17, Victor Julien <lists at inliniac.net> wrote:
On 26-04-17 16:15, Carlos Terrón Bueno wrote:
I’m trying to use suricata with a dummy interface (I’m going to inject traffic over), so I load suricata with:
root@ufo:/etc/suricata/rules# suricata -c /etc/suricata/suricata.yaml -i dummy0
But fails
26/4/2017 -- 14:13:46 - <Notice> - This is Suricata version 3.2.1 RELEASE
26/4/2017 -- 14:14:10 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:14:10 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get feature via ioctl for 'dummy0': Operation not supported (95)
26/4/2017 -- 14:14:10 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
26/4/2017 -- 14:14:10 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-dummy0 failed
I’m using the af-packet capture. Does this node work with a dummy interface?
Does it work when you use the following command?
suricata -c /etc/suricata/suricata.yaml --pcap=dummy0
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
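The fix reported in this thread was bringing `dummy0` up before starting the af-packet capture. The following pre-flight check is an added example, not code from the thread or from the Suricata project: it reads the interface flags from sysfs and refuses to start Suricata on an interface that is down or missing. The function names and the `SYSFS_NET` override are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight check before starting an af-packet capture on an interface.
# SYSFS_NET is overridable (assumption: only so the check can be exercised
# against a constructed directory tree instead of the live system).
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# iface_state IFACE -> prints "up", "down" or "missing"
iface_state() {
    flags_file="$SYSFS_NET/$1/flags"
    [ -r "$flags_file" ] || { echo missing; return 0; }
    read -r flags < "$flags_file" || :
    case "$flags" in
        0x*[!0-9a-fA-F]*) echo missing; return 0 ;;  # not a clean hex value
        0x?*) ;;                                     # e.g. 0x82
        *) echo missing; return 0 ;;
    esac
    # IFF_UP is bit 0 of the interface flags (linux/if.h).
    if [ $(( $flags & 0x1 )) -ne 0 ]; then echo up; else echo down; fi
}

# run_suricata_afpacket IFACE [CONFIG]
# Starts Suricata only when the interface is administratively up.
run_suricata_afpacket() {
    iface="$1"
    config="${2:-/etc/suricata/suricata.yaml}"
    case "$(iface_state "$iface")" in
        up)
            exec suricata -c "$config" -i "$iface" ;;
        down)
            echo "$iface is down; bring it up first: ifconfig $iface up" >&2
            return 1 ;;
        *)
            echo "$iface not found under $SYSFS_NET" >&2
            return 2 ;;
    esac
}
```

Call `run_suricata_afpacket dummy0` in place of the bare `suricata -i dummy0` command line; it returns 1 with a hint if the interface still needs to be brought up.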