Re: snort-1.7-win32-static: only loging icmp packets

[Matt Scarborough <vexversa () usa net>]

On Thu, 05 Jul 2001 09:53:26 -0500, Lee Leahu wrote:

> hello,
>
> i am running snort on a windows2000 advanced server.
>
> while running snort, i am seeing that it only is logging packets of the 
> ICMP type.  It is not logging any tcp or udp ports whatsoever, even while 
> and after i am running both test scripts.
>
> I am also soticing that acer pressing control-c and whaiting for snort to 
> exit, i am getting the pcap lib error: packetdrecievepacket error.
>
> anyone have any ideas?

Lee,

In my experience, going back to the ver. 2.02 WinPCap driver will fix this.
Completely remove all previous instances of WinPCap and try another driver
version. How to clear out old drivers:
http://netgroup-serv.polito.it/windump/misc/faq.htm

I have monkeyed around with the source from WinPcap 2.2 beta and re-built
Snort and that worked. Actually that "brutal hack" ;-) should not matter at
all to Snort. But I thought this was cool to try. I really exected all hell to
break loose and was very disappointed not to see fire and smoke.

Lately, I have been a little shy to add beta things to Snort. Probably I am
reluctant to try beta anything.

So, upgrade or downgrade WinPcap != ver 2.1 on Windows 2000. Your choice. That
has worked for me for the exact error message you describe.

Matt Scarborough 2001-07-05

____________________________________________________________________
Get free email and a permanent address at http://www.amexmail.com/?A=1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users