Snort mailing list archives
RE: More WinPcap 2.3 and Win2k
From: "Don" <Don () WeberOnTheWeb com>
Date: Wed, 19 Jun 2002 11:55:10 -0700
ahh, i downloaded windump and my version info is as follows Windump -w results in the following windump version 3.6.2, based on tcpdump version 3.6.2 WinPcap version 2.3, based on libpcap version 0.6.2 windump -d windump: listening on\device\packet_{long-string of numbers} (000) ret #96 mayb that helps in some way Don -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Michael Steele Sent: Tuesday, June 18, 2002 4:33 PM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] More WinPcap 2.3 and Win2k Chris, He has the latest from us. It very well could be that he is running a dual processor box and has not terminated the second processor in the boot.ini file at all, or correctly. I can build another latest build of Snort but I don't think that will help. There has been a LOT of these types of issues in the last week or so. Could it be that everyone is upgrading from older versions, or has there been a massive infusion of Windows users into the Snort community. Michael Steele | System Engineer / System Administrator mailto:michaels () silicondefense com http://www.silicondefense.com -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Chris Reid Sent: June 18, 2002 12:04 PM To: Madziarczyk, Jonathan Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] More WinPcap 2.3 and Win2k The reason you're seeing nothing in the interface list is also a WinPcap problem. In previous versions of WinPcap there is a 1K buffer, which overflows if you have many interfaces (ie. 10+). This has been replaced with an 8K buffer in more recent versions of WinPcap. The current snort distribution should already be linking against the newer WinPcap libraries, which should resolve this problem. Try obtaining a more recent build of snort. Chris Reid ----- Original Message ----- From: "Madziarczyk, Jonathan" <than () cityofevanston org> Cc: <snort-users () lists sourceforge net> Sent: Tuesday, June 18, 2002 10:25 AM Subject: [Snort-users] More WinPcap 2.3 and Win2k
I've done a little digging and from what I can see this appears to be
a
WinPcap problem, I tried windump -D and I get the same error, so it's
not
snort specific. Also one thing I didn't mention previously was that
my
snort -W shows what I think is nothing. There are 4 nics in my
machine and
all I see is this: C:\Snort>snort -W -*> Snort! <*- Version 1.8.7-MySQL-WIN32 (Build 121) By Martin Roesch (roesch () sourcefire com, www.snort.org) 1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike) 1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com) 1.8-WIN32 Compiled By Michael Steele (michaels () silicondefense com, www.siliconde fense.com) (based on code from 1.7 port) Interface Device Description ------------------------------------------- 1 C:\Snort> For some reason I think this interface 1 is a loopback. Hope this info is of some use. Peace, Jon M "(Anakin) Why do I get the feeling you'll be the death of me someday" --ObiWan -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of
Madziarczyk,
Jonathan Sent: June 17, 2002 2:39 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] WinPcap 2.3 and Win2k I'm setting up a new install of Snort on Win2k and I'm getting the
"ERROR:
OpenPcap( ) device open: Error opening adapter: Overlapped I/O
operation is
in progress. Fatal Error, Quitting.." The FAQ says this can be due to an old incompatible, or uninstalled
version
of WinPcap. I'm using 2.3 and the install appears to be running successfully. Is there any way I can check to make sure it is, or is
this
already a known issue? Thanks, JonM
------------------------------------------------------------------------ ---- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ---------------------------------------------------------------------------- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ---------------------------------------------------------------------------- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More WinPcap 2.3 and Win2k Madziarczyk, Jonathan (Jun 18)
- Re: More WinPcap 2.3 and Win2k Chris Reid (Jun 18)
- RE: More WinPcap 2.3 and Win2k Michael Steele (Jun 18)
- RE: More WinPcap 2.3 and Win2k Don (Jun 19)
- RE: More WinPcap 2.3 and Win2k Don (Jun 19)
- RE: More WinPcap 2.3 and Win2k Michael Steele (Jun 18)
- Re: More WinPcap 2.3 and Win2k Chris Reid (Jun 18)