RE: Winpcap and cheap NICs...

["Tobias Rice" <tobias () fatofthelan com>]

I'm not really sure what you mean. This is a fresh install, so it wouldn't
be using the old name. Take a look at this:
[snip]
database:   sensor name = MACHINENAME:\Device\Packet_NdisWanIp
database:     sensor id = 1
[/snip]
This is what is get when I start Snort on the new machine.
This is what I'm used to seeing on my other sensors:
[snip]
database:   sensor name =
MACHINENAME:\Device\Packet_{86B2AC7B-ACAC-4EBE-9E72-A294A4CD29E8}
database:     sensor id = 2
[/snip]

Any thoughts?
Thanks once again!




-----Original Message-----
From: John [mailto:john () bad-current net] 
Sent: Saturday, January 25, 2003 8:27 PM
To: Tobias Rice
Subject: Re: [Snort-users] Winpcap and cheap NICs...


your interface name is probably different now...

On Sat, Jan 25, 2003 at 06:20:28PM -0800, Tobias Rice wrote:
> From: "Tobias Rice" <tobias () fatofthelan com>
> To: <snort-users () lists sourceforge net>
> X-MDRemoteIP: 12.231.150.123
> X-Return-Path: tobias () fatofthelan com
> X-MDaemon-Deliver-To: snort-users () lists sourceforge net
> Subject: [Snort-users] Winpcap and cheap NICs...
> Errors-To: snort-users-admin () lists sourceforge net
> List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum=snort-users>
> X-Original-Date: Sat, 25 Jan 2003 18:20:28 -0800
> Date: Sat, 25 Jan 2003 18:20:28 -0800
>
> I recently replaced my server's mainboard and CPU. It came with an onboard
> NIC, so I removed the 3Com. I then reloaded the OS and Snort. Snort starts
> up just fine like normal, but when I attack the machine, I never get an
> alert. Is it possible that Winpcap doesn't work on cheap NICs? I'm pretty
> sure that I have everything setup correctly, as I have setup Snort many
> times successfully. Any suggestions would be greatly appreciated.
> Many thanks!
>
>
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
john () bad-current net
publickey: http://www.bad-current.net/john/key.html
fingerprint: 7A96 24BE F9B1 1092 B4F6  B53D 1DB4 139B F217 DE50



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users