Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Connection lost

From: Matt Scarborough <vexversa () usa net>
Date: 9 Jul 2001 22:01:52 EDT
Unfortunately, you can not always monitor RAS ("dial-up" on Windows 2000) with
WinPCap. That may be the root of your problem. See Q3 and Q4 and Q9 here.
http://netgroup-serv.polito.it/windump/misc/faq.htm

You can try all the WAN adapters using -i1, -i2, etc., but I think you will 
be unsucsessful.  I am mentioning WinPCap because it is required by Snort.
Many sniffers are unable to monitor RAS.

You will have strange results running a "Personal Firewall" and packet capture
software. CommView + Tiny, Snort + AtGuard, Norton + EtherPeek. It does not
matter. That is not a good combo, blocking and sniffing the same IP stack on a
Windows NTx host.

Sorry,

Matt Scarborough 2001-07-10

On Mon, 9 Jul 2001 20:20:49 +0200, Luca Mauri wrote:


Snort version is 1.7.
My OS is Windows 2000 Pro SP2 Italian language, my machine is a genuine
Intel PII 450MHz with 320 Mb ram and 10 Gb Hard Disk.

Non-standard services normal running on my PC are: Norton AntiVirus auto
protect, Tiny Personal Firewall, IIS 5.0. I have tried to shut them off but
the problem with SNORT is the same.

Please let me know if I have to provide more and much detailed information.


On Sun, 8 Jul 2001 20:13:56 +0200, Luca Mauri wrote:


I am testing the software on a stand alone machine with a 56K dial-up
internet connection.
After having setting the main parameters in the in the configuration file as
in the snort.conf example, I have started Snort.
Immediately after Snort starts, every traffic to internet is reduced to
zero: no data are trasmitted or received at all.
If I stop Snort, the internet traffic resume as normal.




____________________________________________________________________
Get free email and a permanent address at http://www.amexmail.com/?A=1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: