¿Hay alguna forma de analizar el tráfico de loopback con Suricata?
Lo estoy intentando de esta manera sin éxito:
root@security-onion:/home/sar/TFM/alerts/suricata# suricata -c /etc/suricata/suricata.yaml -i lo -l . -k none
7/9/2018 -- 19:32:25 - <Notice> - This is Suricata version 4.0.5 RELEASE
7/9/2018 -- 19:32:29 - <Warning> - [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to set feature via ioctl for 'lo': Operation not supported (95)
7/9/2018 -- 19:32:29 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
7/9/2018 -- 19:32:29 - <Error> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Frame size bigger than block size
7/9/2018 -- 19:32:29 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
7/9/2018 -- 19:32:29 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-lo failed
Este es el archivo de configuración de suricata:
¿Alguna pista?