Snort mailing list archives

RE: running Snort on W2000:"interface \Device\Packet_NdisWanIp" problem

From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 16 Nov 2001 08:48:35 -0800

Hello,
 
I guessing from your message that you would like to specify a certain
NIC to place your sensor on. You can use the W switch to list your
installed interfaces and the I switch to tell Snort which interface to
read from.
-Mike

Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense - www.silicondefense.com
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matija
Exel
Sent: Friday, November 16, 2001 8:06 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] running Snort on W2000:"interface
\Device\Packet_NdisWanIp" problem
 

hello,

I cannot get started with Snort!  I am on a Windows2000.
There are no messages from the beast:

C:\Program Files\Sourcefire\Snort-1.8.2>snort -v
Log directory = log
        --== Initializing Snort ==--
Initializing Network Interface \
Checking PID path...
PID stat checked out ok, PID set to C:\Program
Files\Sourcefire\Snort-1.8.2     
Writing PID file to "C:\Program Files\Sourcefire\Snort-1.8.2"  
Decoding Ethernet on interface \Device\Packet_NdisWanIp     
... 
and then nothing!

I wonder where is this interface information coming from: " interface
\Device\Packet_NdisWanIp " ?
I am at the same time running successfuly Ethereal from the same box --
however I
have the choice of 2 interfaces there:
-- if I choose \Device\Packet_NdisWanIp     I get nothing, as with snort
-- if I choose \Device\Packet_{452B97B2-...} Ethereal runs OK.

Is there any way of configuring this? I don't see anything in
snort.conf.




____________________________________________________
 M. Matija Exel
 E.N.S.I.E.G., Service  Réseau / Lab. Automatique de Grenoble
 BP.  46 Cedex,  38402 St.Martin d'Heres,  FRANCE
 Tel : (+33) 4 76 82 71 12          Fax:(+33) 4 76 82 63 88
 Matija.Exel () inpg fr,  Matija.Exel () lag ensieg inpg fr
 http://www-exel.ensieg.inpg.fr/

Current thread:

running Snort on W2000:"interface \Device\Packet_NdisWanIp" problem Matija Exel (Nov 16)
- RE: running Snort on W2000:"interface \Device\Packet_NdisWanIp" problem Michael Steele (Nov 16)