problems with new IDScenter installation package from snort.org

[counter.spy () gmx de]

Hi, 
my name is Detmar. I am currently evaluating several IDSs for 
my diploma thesis. 
I am sorry if my questions may sound stupid,
but I am a Newbie with Snort (not only with snort ;-))
and I havent found anything about those specific problems, yet.
Although I have found some e.g.:
FROM: Dragos RuiuDATE: 12/19/2001 13:55:45
SUBJECT: RE:  [Snort-users] IDScenter (v1.09) problems smmarized)

I have encountered some problems with the current version of
IDScenter (1.09 BETA) and Snort Win32 1.8.3, which I downloaded
as "wise installation package" from snort.org.

When I had installed IDScenter 1.09 BETA and snort manually 
before this try, I didnt have those problems. 
Now I'm not sure where the problems are - with IDScenter 
or with snort or with winpcap?

I am running (or attempting to run) three installations of 
Snort win32 and there are three different problems:

1. Windows 98 
Problem:        Installation quits.
Error Message:  >>The file "MSIEXEC" or one of its components
                could not be found. Make sure that the path
                settings and filenames are correctly set
                and that all required libraries are available.<<
                I do understand that MSIEXEC is needed to interpret
                and install installation packages in windows.
                But I never had any problems in installing
                anything on this machine with wise installation
                wizard, before.

2. Windows 2000 Professional
Problem:        Snort is too quiet. No alerts at all, even not
                when attempting to open a session from netcat or
                nmap portscanning.
Note:           The previous installation performed just fine.
                

3. Windows 2000 Advanced Server
Problem:        Snort quits due to PCAP problem
Message:        |> IDScenter test console <|
                -- Press ENTER after checking Snorts output --
                Log directory = log

                Initializing Network Interface \
                ERROR: OpenPcap() FSM compilation failed:
                syntax error
                PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program
Files\Sourcefire\S
                nort -A full -h 192.168.0.111/32 -i 1 -a -b -d -e
                Fatal Error, Quitting..

Note:           This is not my real IP ;-), but the rest is correct.
                Libpcap works fine with Ethereal. No network problems.
                IDScenter has correctly detected my IP settings and a script
                was successfully generated. 
                For some reason, win2000 has remembered some old NIC installation
                but this is "hidden" (I had some warning when I installed the new NIC)
                and the LAN connection has the name "Local area connection 2".
                Could that be a reason? How can I access a "hidden" setting?


Thanx for any hints!

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users