iv just installd snort on my slackware 8.0 and i had to move couple rule files and create a dir here and there,ect...im trying get the snort (IDS) up and runing but i keep geting errors so ovisouly iv don somthing wrong or havnt configured snort right ? and yes i have read all docs that came inside wit snort but it wasnt writin for a newbie like me?!...cant fallow them so good, anywayz

here my latest error that im geting?

Log directory = /var/log/snort

Initializing Network Interface eth0
ERROR: OpenPcap() device eth0 open:
socket: Operation not permitted
Fatal Error, Quitting..???

thanx inadvanc
CRK175

Some things to check since you don't offer your Snort, libpcap and libnet versions and snort config options:
make and install w/o problems?
all configs, rulesets, logdirs and logfiles in place and correct permissions?
libpcap and libnet correct version for Snort?
running under an unprivileged user/running chrooted?

Are you starting snort as root?

--jeremy

yeah, most likely needs to be run as root.

basicly i need to know is this the hell i wit that error i can figure it out but it was just bugin me, anyways wat i want to know is how do i check if the snort (IDS) works right or do ya think LIDS is a better (ids)?

or

should i install threw RPM to make things easyer?

Just throw some online (nmap) scan against your box, try to xploit your local RPC services or try to login to a remote POP3 server using my plaintext "login" rule:
You can't compare Snort to LIDS. If you do, at least put some effort into making a case why you would do so.
Installing through RPM makes things easier for some people, at some times of day under some weather conditions, when the planets near a good conjunction. YMMVVM. Especially since you stated using Slackware.

Maybe do a bit RTM on IDSes :-]