Error Failed To Lookup For Interface Snort
of interest I thought I'd try and install some of the applications listed in the main security sticky. I chose snort, installed it using: "sudo apt-get install snort" Everything installed fine, I guess. It was suggested that one starts out with the "-v" command when first using it. I ran the command and this is what happens: --== Initializing Snort ==-- Initializing Output Plugins! Verifying Preprocessor Configurations! ERROR: Failed to lookup for interface: no suitable device found. Please specify one with -i switch Fatal Error, Quitting.. Can anyone help me out here? Have I missed some major aspect? MonickerMay 22nd, 2008, 01:41 PMThe error message is pretty clear. add -i eth0 for example, or adjust your snort.conf and make sure the proper network interface is specified there. What active network interfaces do you have on the machine? borkborkborkMay 22nd, 2008, 05:07 PMHere is what the active networks appeared as after using netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 utnubu.local:35657 oam-m19a.blue.aol.c:aol ESTABLISHED tcp 0 0 utnubu.local:57803 205.188.7.205:aol ESTABLISHED tcp 0 0 utnubu.local:44723 a216.151.140.80.dep:www ESTABLISHED The TronyxMay 22nd, 2008, 06:32 PMHere is what the active networks appeared as after using netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 utnubu.local:35657 oam-m19a.blue.aol.c:aol ESTABLISHED tcp 0 0 utnubu.local:57803 205.188.7.205:aol ESTABLISHED tcp 0 0 utnubu.local:44723 a216.151.140.80.dep:www ESTABLISHED Could you please tell us what the command, 'ifconfig' shows? jba6511May 22nd, 2008, 10:40 PMto start snort in interactive mode (runs in the terminal) sudo snort -i eth0 -c /etc/snort/snort.conf where eth0 is the interface you use and /etc/snort/snort.conf is the path to your snort.conf file. to start snort quietly sudo /usr/sbin/snort -c /etc/snort/snort.conf -i eth0 -g root -D to stop snort sudo /etc/init.d/snort stop More than likely if you only have one NIC card installed than it will be assigned to eth0, but the results from ifconfig will confirm this. borkborkborkMay 23rd, 2008, 05:52 PMeth0 Link encap:Ethernet HWaddr 00:1e:8c:b1:db:d7 inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:8cff:feb1:dbd7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:336 errors:0 dropped:0 overruns:0 frame:0 TX packets:373 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:141512 (138.1 KB) TX bytes:61
for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor Services Groups Website Testing Store Headlines Experts Exchange > Questions > Interface error running snort Want to Advertise Here? Solved Interface error running snort Posted on 2010-05-27 Security 1 Verified Solution 2 Comments 1,888 Views Last Modified: 2013-11-29 https://ubuntuforums.org/archive/index.php/t-803161.html I am running snort 2.7 on ubuntu 8.04 with mysql 5. When i run the command snort -c /etc/snort/snort.config I get the following error Failed to lookup fo interface. No suitable device found. Please specify one with the -i switch. Any clue of what I am supposed to do to fix this? 0 Question by:jimmylew52 Facebook Twitter LinkedIn Google LVL 38 Active https://www.experts-exchange.com/questions/26220180/Interface-error-running-snort.html 1 day ago Best Solution byrichrumble -i eth0 ? snort -c /etc/snort/snort.config -i eth0 or eth1... whatever your listening nic should be. -rich Go to Solution 2 Comments LVL 38 Overall: Level 38 Security 25 Message Active 1 day ago Accepted Solution by:richrumble2010-05-28 -i eth0 ? snort -c /etc/snort/snort.config -i eth0 or eth1... whatever your listening nic should be. -rich 0 LVL 1 Overall: Level 1 Message Active 3 days ago Author Closing Comment by:jimmylew522010-05-28 Thanks 0 Write Comment First Name Please enter a first name Last Name Please enter a last name Email We will never share this with anyone. Comment Submit Your Comment By clicking you are agreeing to Experts Exchange's Terms of Use. Featured Post IT, Stop Being Called Into Every Meeting Promoted by Highfive Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work! Try Free For 30 Days
Kedar on 2012-04-23 when ever i try to install a program( for example : using sudo apt-get update/or adobe flash player etc ..) it ends up with this same error report! i am help less and not https://answers.launchpad.net/ubuntu/+source/snort/+question/194521 able to install an thing. in am using Ubuntu 12.04 LTS on lenoveo http://www.ubuntu-es.org/node/115179 3000 series Y500 laptop ,,_ -*> Snort! <*- o" )~ Version 2.9.2 IPv6 GRE (Build 78) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2011 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 8.12 2011-01-15 Using ZLIB version: 1.2.3.4 when ever i try to mannually start the snort error failed it ends up with a fatale error saying --== Initializing Snort ==-- Initializing Output Plugins! ERROR: Failed to lookup interface: no suitable device found. Please specify one with -i switch Fatal Error, Quitting.. i am new using ubuntu and no one to guide me plz help me out with that or atleast give me a hint what to do with this! ProblemType: Package DistroRelease: Ubuntu 12.04 Package: error failed to snort 2.9.2-3ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-20.32-generic-pae 3.2.12 Uname: Linux 3.2.0-20-generic-pae i686 ApportVersion: 1.95-0ubuntu1 Architecture: i386 Date: Tue Apr 24 01:02:08 2012 ErrorMessage: subprocess installed post-installation script returned error exit status 1 InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120221) SourcePackage: snort Title: package snort 2.9.2-3ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) Question information Language: English Edit question Status: Solved For: Ubuntu snort Edit question Assignee: No assignee Edit question Solved by: Sam_ Solved: 2012-04-26 Last query: 2012-04-26 Last reply: 2012-04-24 Related bugs Bug #987501: package snort 2.9.2-3ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 This question was originally filed as bug #987501. Link existing bug Remove bug link Related FAQ: None Link to a FAQ Pritesh Prakash Kedar (pritesh-kedar) said on 2012-04-23: #1 Sam_ (and-sam) said on 2012-04-23: #2 https://help.ubuntu.com/community/PackageManagerTroubleshootingProcedure http://www.snort.org/ Pritesh Prakash Kedar (pritesh-kedar) said on 2012-04-24: #3 The problem still continuted sudo apt-get install -f Reading package lists... Done Building dependency tree Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation,
esto es lo que me sale y no termino de entender que es lo que va mal: ~$ snort -W snort: invalid option -- W ,,_ -*> Snort! <*- o" )~ Version 2.7.0 (Build 35) '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 1998-2007 Sourcefire Inc., et al. USAGE: snort [-options] Options: -A Set alert mode: fast, full, console, or none (alert file alerts only) "unsock" enables UNIX socket logging (experimental). -b Log packets in tcpdump format (much faster!) -B Obfuscated IP addresses in alerts and packet dumps using CIDR mask -c Use Rules File -C Print out payloads with character data only (no hex) -d Dump the Application Layer -D Run Snort in background (daemon) mode -e Display the second layer header info -f Turn off fflush() calls after binary log writes -F Read BPF filters from file -g Run snort gid as group (or gid) after initialization -G <0xid> Log Identifier (to uniquely id events for multiple snorts) -h Home network = -i Listen on interface -I Add Interface name to alert output -k Checksum mode (all,noip,notcp,noudp,noicmp,none) -K Logging mode (pcap[default],ascii,none) -l Log to directory -L Log to this tcpdump file -M Log messages to syslog (not alerts) -m Set umask = -n Exit after receiving packets -N Turn off logging (alerts still work) -o Change the rule testing order to Pass|Alert|Log -O Obfuscate the logged IP addresses -p Disable promiscuous mode sniffing -P Set explicit snaplen of packet (default: 1514) -q Quiet. Don't show banner and status report -r Read and process tcpdump file -R Include 'id' in snort_intf.pid file name -s Log alert messages to syslog -S Set rules file variable n equal to value v -t Chroots process to after initialization -T Test and report on the current Snort configuration -u Run snort uid as user (or uid) after initialization -U Use UTC for timestamps -v Be verbose -V Show version number -w Dump 802.11 management and control frames -X Dump the raw packet data starting at the link layer -y Include year in timestamp in the alert and log files -Z Set the performonitor preprocessor file path and name -z Set assurance mode, match on established sesions (for TCP) -? Show this information are standard BPF options, as seen in TCPDump Longname op