Bug #1491: pf_ring is not able to capture packets when running under non-root account - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1491

closed

pf_ring is not able to capture packets when running under non-root account

Added by Alexander Gozman over 9 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Alexander Gozman

Target version:

3.0RC1

Affected Versions:

Effort:

Difficulty:

Label:

Description

If we set user and group in configuration file, suricata can not capture packets with pf_ring, because interface is not switched to promiscuous mode. But if we do "ifconfig eth0 promisc" before starting suricata, everything works fine. It seems that dropping privileges makes pf_ring useless.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1491

pf_ring is not able to capture packets when running under non-root account

Updated by Alexander Gozman over 9 years ago

Updated by Alexander Gozman over 9 years ago

Updated by Victor Julien over 9 years ago