I am trying to install Snort 3.0 on an Ubuntu 20.04 desktop. I'm using the manual as a guide for this install. Everything went well and it seems the install went fine. However, at page 6, to test Snort with the default configuration file, it wants me to pass
snort -c /usr/local/etc/snort/snort.lua
but I am getting the error
Error: Could not find requested DAQ module: pcap
I spent a few hours yesterday Googling but could not find anything. Now, I am a complete beginner when it comes to Ubuntu. What repository do I need to install to get this going? Thanks!
UPDATE
So I installed pcap from the tcpdump, but that did not resolve it. I am still getting the same error.
http://www.tcpdump.org/release/libpcap-1.10.0.tar.gz
I passed:
wget http://www.tcpdump.org/release/libpcap-1.10.0.tar.gz
tar -xzvf libpcap-1.10.0.tar.gz
Install went fine.
Then I passed:
/usr/local/bin/snort -V

   ,,_     -*> Snort++<*-
  o"  )~   Version 3.1.0.0
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.0
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 1.1.1f 31 Mar 2020
           Using libpcap version 1.9.1 (with TPACKET_V3)
           Using PCRE version 8.44 2020-02-12
           Using ZLIB version 1.2.11
           Using FlatBuffers 1.12.0
           Using Hyperscan version 5.3.0 2021-02-01
           Using LZMA version 5.2.4
Then I passed:
administrator@Ubuntu:~/snort_src$ snort -c /usr/local/etc/snort/snort.lua
--------------------------------------------------
o")~   Snort++ 3.1.0.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
    ssh hosts host_cache pop so_proxy stream_tcp smtp gtp_inspect packets dce_http_proxy stream_icmp normalizer alerts rewrite ips stream_udp binder wizard appid search_engine file_id ftp_data ftp_server port_scan dce_http_server dce_smb dce_tcp telnet ssl sip rpc_decode netflow http_inspect network http2_inspect modbus host_tracker stream_user stream_ip trace back_orifice classifications dnp3 active ftp_client decode daq stream references arp_spoof output process dns dce_udp imap stream_file
Finished /usr/local/etc/snort/snort.lua:
--------------------------------------------------
ERROR: Could not find requested DAQ module: pcap
FATAL: see prior 1 errors (0 warnings)
Fatal Error, Quitting..
Please advise. Thank you.
UPDATE
It looks like I already have the latest pcap version.
administrator@Ubuntu:~/snort_src$ sudo apt-get install -y libpcap-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpcap-dev is already the newest version (1.9.1-3).
The following packages were automatically installed and are no longer required:
  libfprint-2-tod1 libllvm10
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Ran dir and it looks like I got everything installed?
administrator@Ubuntu:~/snort_src$ dir
boost_1_74_0                 libpcap-1.10.0.tar.gz
boost_1_74_0.tar.gz          libsafec-02092020.0-g6d921f
flatbuffers-1.12.0           libsafec-02092020.tar.gz
flatbuffers-build            LuaJIT-2.1.0-beta3
flatbuffers-v1.12.0.tar.gz   LuaJIT-2.1.0-beta3.tar.gz
gperftools-2.8               pcre-8.44
gperftools-2.8.tar.gz        pcre-8.44.tar.gz
hyperscan-5.3.0              ragel-6.10
hyperscan-5.3.0-build        ragel-6.10.tar.gz
libdaq-3.0.0                 snort3-3.1.0.0
libdaq-3.0.0.tar.gz          snort3-3.1.0.0.tar.gz
libpcap-1.10.0               v5.3.0.tar.gz
I'm out of ideas... Thank you.