Snort mailing list archives
Re: snort-1.7-win32-static: only loging icmp packets
From: Matt Scarborough <vexversa () usa net>
Date: 5 Jul 2001 15:32:24 EDT
On Thu, 05 Jul 2001 09:53:26 -0500, Lee Leahu wrote:
hello, i am running snort on a windows2000 advanced server. while running snort, i am seeing that it only is logging packets of the ICMP type. It is not logging any tcp or udp ports whatsoever, even while and after i am running both test scripts. I am also soticing that acer pressing control-c and whaiting for snort to exit, i am getting the pcap lib error: packetdrecievepacket error. anyone have any ideas?
Lee, In my experience, going back to the ver. 2.02 WinPCap driver will fix this. Completely remove all previous instances of WinPCap and try another driver version. How to clear out old drivers: http://netgroup-serv.polito.it/windump/misc/faq.htm I have monkeyed around with the source from WinPcap 2.2 beta and re-built Snort and that worked. Actually that "brutal hack" ;-) should not matter at all to Snort. But I thought this was cool to try. I really exected all hell to break loose and was very disappointed not to see fire and smoke. Lately, I have been a little shy to add beta things to Snort. Probably I am reluctant to try beta anything. So, upgrade or downgrade WinPcap != ver 2.1 on Windows 2000. Your choice. That has worked for me for the exact error message you describe. Matt Scarborough 2001-07-05 ____________________________________________________________________ Get free email and a permanent address at http://www.amexmail.com/?A=1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-1.7-win32-static: only loging icmp packets Lee Leahu (Jul 05)
- <Possible follow-ups>
- Re: snort-1.7-win32-static: only loging icmp packets Matt Scarborough (Jul 05)