ubuntu - Snort 3.0 错误：找不到请求的 DAQ 模块：pcap

问题描述

我正在尝试在 Ubuntu 20.04 桌面上安装 Snort 3.0。我使用手册作为此安装的指南。一切顺利，似乎安装很顺利，但是，在第 6 页，使用它希望我通过的默认配置文件测试 Snort，snort -c /usr/local/etc/snort/snort.lua但我收到错误Error: Could not find requested DAQ moduel: pcap我昨天花了几个小时谷歌搜索但找不到任何东西. 现在，当谈到 Ubuntu 时，我是一个完整的初学者。我需要安装什么存储库才能实现这一目标？谢谢！

更新所以我从 tcpdump 安装了 pcap，但这并没有解决它。我仍然遇到同样的错误。

http://www.tcpdump.org/release/libpcap-1.10.0.tar.gz

我通过了：

wget http://www.tcpdump.org/release/libpcap-1.10.0.tar.gz
tar -xzvf libpcap-1.10.0.tar.gz

安装很顺利。

然后我通过了：

    /usr/local/bin/snort -V
       ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.0.0

       ''''    By Martin Roesch & The Snort Team
               http://snort.org/contact#team
               Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
               Copyright (C) 1998-2013 Sourcefire, Inc., et al.
               Using DAQ version 3.0.0
               Using LuaJIT version 2.1.0-beta3
               Using OpenSSL 1.1.1f  31 Mar 2020
               Using libpcap version 1.9.1 (with TPACKET_V3)
               Using PCRE version 8.44 2020-02-12
               Using ZLIB version 1.2.11
               Using FlatBuffers 1.12.0
               Using Hyperscan version 5.3.0 2021-02-01
               Using LZMA version 5.2.4

然后我通过了：

administrator@Ubuntu:~/snort_src$ snort -c /usr/local/etc/snort/snort.lua
--------------------------------------------------
o")~   Snort++ 3.1.0.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh
    hosts
    host_cache
    pop
    so_proxy
    stream_tcp
    smtp
    gtp_inspect
    packets
    dce_http_proxy
    stream_icmp
    normalizer
    alerts
    rewrite
    ips
    stream_udp
    binder
    wizard
    appid
    search_engine
    file_id
    ftp_data
    ftp_server
    port_scan
    dce_http_server
    dce_smb
    dce_tcp
    telnet
    ssl
    sip
    rpc_decode
    netflow
    http_inspect
    network
    http2_inspect
    modbus
    host_tracker
    stream_user
    stream_ip
    trace
    back_orifice
    classifications
    dnp3
    active
    ftp_client
    decode
    daq
    stream
    references
    arp_spoof
    output
    process
    dns
    dce_udp
    imap
    stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
ERROR: Could not find requested DAQ module: pcap

FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..

请指教。谢谢你。

更新

看起来我已经有了最新的 pcap 版本。

dministrator@Ubuntu:~/snort_src$ sudo apt-get install -y libpcap-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libpcap-dev is already the newest version (1.9.1-3).
The following packages were automatically installed and are no longer required:
  libfprint-2-tod1 libllvm10
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.

Ran dir，看起来我已经安装了所有东西？

administrator@Ubuntu:~/snort_src$ dir
boost_1_74_0            libpcap-1.10.0.tar.gz
boost_1_74_0.tar.gz     libsafec-02092020.0-g6d921f
flatbuffers-1.12.0      libsafec-02092020.tar.gz
flatbuffers-build       LuaJIT-2.1.0-beta3
flatbuffers-v1.12.0.tar.gz  LuaJIT-2.1.0-beta3.tar.gz
gperftools-2.8          pcre-8.44
gperftools-2.8.tar.gz       pcre-8.44.tar.gz
hyperscan-5.3.0         ragel-6.10
hyperscan-5.3.0-build       ragel-6.10.tar.gz
libdaq-3.0.0            snort3-3.1.0.0
libdaq-3.0.0.tar.gz     snort3-3.1.0.0.tar.gz
libpcap-1.10.0          v5.3.0.tar.gz

我没有想法......谢谢。

标签： ubuntusnort