How to set up suricata af_packet IPS mode if my laptop only have one NIC?

Ram_C · October 7, 2021, 7:52am

I have a laptop with only one wireless NIC (Intel AX200) and then I want to setup a NIPS on it, and finally i choosed suricata.

I tried to create a dummy interface and a VLAN interface as the interface required in the suricata manual, but I have completely failed.

So…do you have any idea?
thanks a lot~

here are some system infomation:
OS: Gentoo Linux
Init: OpenRC 0.43.5
Kenerl: linux-5.14.9-xanmod1-cacule
Glibc: glibc-2.33-r1

vjulien · October 7, 2021, 8:34am

Have you considered using the NFQUEUE mode instead?
https://suricata.readthedocs.io/en/suricata-6.0.3/setting-up-ipsinline-for-linux.html

Ram_C · October 8, 2021, 4:06am

Thanks for your reply. I considered using nfqueue mode, but I still wanted to try af_packet mode at that time. But now it seems that I really have to use nf_queue mode.

so my nips is now working properly.

Topic		Replies	Views
A question about choosing a network card Help	6	314	October 3, 2023
Question about use queue mode accept Help ips , suricata	1	341	September 13, 2023
Need help with Suricata IPS Setup Help	1	916	September 13, 2021
How to configure suricata IPS mode with AF-PACKET? Help ips , community , suricata	1	1615	July 17, 2022
How can configure multiple interfaces when using suricata in IPS mode where setting up (LISTENMODE=nfqueue)) Developers ips , suricata	1	585	June 21, 2023

How to set up suricata af_packet IPS mode if my laptop only have one NIC?

Related topics