On Tue, Feb 20, 2001 at 11:21:45AM +0200, Viljo Marrandi wrote: > Feb 20 10:54:17 equinoxe modprobe: modprobe: Can't locate module net-pf-17 > Feb 20 10:54:17 equinoxe snort: ERROR: OpenPcap() device eth0 open: > ^Isocket: Socket type not supported > > Firstly, what is net-pf-17? I couldn't find it anywhere (grepped thru > kernel source). And why it says that socket type not supported? I > installed all required packages for it - libc6_2.2.1 and libpcap0. What > couls possibly be wrong? First of all, that 'pf' stands for 'protocol family', like PF_INET for IP or PF_IPX for IPX and so on. You have the list of protocol families in the file /usr/include/linux/socket.h, from there you'll notice that AF_PACKET (yes, it is the same as PF_PACKET, don't ask why the duplicate naming) has the magic value of 17. So in short, you're missing the packet socket support from your kernel. Once you enable it, snort/tcpdump/anything that uses libpcap should work. -- Tommi Komulainen Tommi.Komulainen@iki.fi GPG 1024D/68388EE6 6FD6 DD79 EB38 BF6F 3533 09C0 04A8 9871 6838 8EE6
Attachment:
pgpxsbaCXEBQo.pgp
Description: PGP signature