求助：snort启动后出现Not Using PCAP_FRAMES？

augustusqing · 发表于 2006-10-27 19:14:23

安装新版本的snort2.6.0.1＋base系统
snort的配置参数选的是
./configure --prefix=/usr --with-mysql --dynamicplugin ，其他mysql数据库部分配置没问题，最后通过snort -c /etc/snort/snort.conf -g snort  启动snort时，如下提示信息：

Decoding Ethernet on interface eth0
database: compiled support for ( mysql )
database: configured to use mysql
database:       user = snort
database: password is set
database: database name = snort
database:       host = localhost
database: sensor name = 192.168.0.3
database:    sensor id = 1
database: schema version = 107
database: using the "log" facility

      --== Initialization Complete ==--

,,_    -*> Snort! <*-
  o"  )~ Version 2.6.0.1 (Build 75)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
         (C) Copyright 1998-2006 Sourcefire Inc., et al.

         Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.5  <Build 10>
         Preprocessor Object: SF_SMTP  Version 1.0  <Build 6>
         Preprocessor Object: SF_FTPTELNET  Version 1.0  <Build 8>
Not Using PCAP_FRAMES

是说没有libpcap库？明明之前已经安装了libpcap
root:/sources/snort-2.6.0.1# whereis libpcap
libpcap: /usr/lib/libpcap.a
root:/sources/snort-2.6.0.1# 明明装了啊，不行，重新编译snort，先ldconfig一下，再在configure时多加入  --with-libpcap-libraries=/usr/lib 完毕，Not Using PCAP_FRAMES的提示依旧，嗅探模式snort -v启动也一样Not Using PCAP_FRAMES，没招了，请指点，谢谢！

augustusqing · 发表于 2006-10-30 13:35:36

已解决，百度雅虎搜索能力太差，google出答案了
设置PCAP_FRAMES环境变量。

skykingf · 发表于 2006-10-30 21:18:21

偶也发现这个问题了

xxxxxx_100 · 发表于 2006-11-4 19:04:12

楼主能详细说说“设置PCAP_FRAMES环境变量”么？我也遇到这个问题，就是抓不到包，望指教，多谢了~

augustusqing · 发表于 2006-11-5 09:43:55

正解：http://www.snort.org/docs/snort_ ... 2.4/rc1/node27.html
export PCAP_FRAMES=max
当然最好是添加进profile里面
至于楼上的说没有抓到包，应该跟“Not Using PCAP_FRAMES”无关，我的一开始装上就可以抓包的

xxxxxx_100 · 发表于 2006-11-5 18:40:25

谢谢，我是初学，而且我是在windows下装的，到现在都不知道为什么抓不到包。
C:\Documents and Settings\user>snort -v
Running in packet dump mode

      --== Initializing Snort ==--
Initializing Output Plugins!
Verifying Preprocessor Configurations!
***
*** interface device lookup found: \
***

Initializing Network Interface \Device\NPF_GenericDialupAdapter
Decoding Ethernet on interface \Device\NPF_GenericDialupAdapter

      --== Initialization Complete ==--

,,_    -*> Snort! <*-
  o"  )~ Version 2.6.1.beta2-ODBC-MySQL-FlexRESP-WIN32 (Build 13)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
         (C) Copyright 1998-2006 Sourcefire Inc., et al.

Not Using PCAP_FRAMES
*** Caught Int-Signal

===============================================================================

Snort received 0 packets
Analyzed: 0(0.000%)
Dropped: 0(0.000%)
Outstanding: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 0       (0.000%)
UDP: 0       (0.000%)
ICMP: 0       (0.000%)
ARP: 0       (0.000%)
  EAPOL: 0       (0.000%)
IPv6: 0       (0.000%)
ETHLOOP: 0       (0.000%)
IPX: 0       (0.000%)
FRAG: 0       (0.000%)
  OTHER: 0       (0.000%)
DISCARD: 0       (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Snort exiting

augustusqing · 发表于 2006-11-5 22:17:39

windows下没装过啊，不知道确切需要先安装哪些库，应该也依赖类似libpcap或wincap的库吧

xxxxxx_100 · 发表于 2006-11-14 15:05:40

是啊，我安装了wincap了，可是，不知道为什么就是一个包也抓不到

snaking · 发表于 2006-11-29 16:21:11

Post by xxxxxx_100
是啊，我安装了wincap了，可是，不知道为什么就是一个包也抓不到

Not Using PCAP_FRAMES

我也遇到这个问题了,你解决了吗?请告之谢谢

还有我用的 WinPcap_3_1

您呢?

linghan666 · 发表于 2007-12-6 14:30:22

您好！在哪里设置PCAP_FRAMES呢？

		自动登录	找回密码
密码			注册