Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Buffer too small for packet.dll? (was: Error i nitializing NIC)

From: Reinhard Doberstein <r.doberstein () typoart de>
Date: Thu, 25 Apr 2002 12:00:42 +0200
Hi John,

sounds very interesting. 
Btw. there is a Bugreport about this, ist Number 543346
[http://sourceforge.net/tracker/index.php?func=detail&aid=543346&group_id=33
57&atid=103357].

By
Reinhard

--
Reinhard Doberstein
mailto:r.doberstein () gmx de http://www.doberstein.com
 



-----Original Message-----
From: John Goggan [mailto:jgoggan () dcg com]
Sent: Thursday, April 25, 2002 7:07 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Buffer too small for packet.dll? 
(was: Error
initializing NIC)


Reinhard Doberstein wrote:


With "snort -W" i got:

-*> Snort! <*-
Version 1.8-WIN32 (Build 103)
By Martin Roesch (<EMAIL: PROTECTED>, http://www.snort.org)
1.7-WIN32 Port By Michael Davis (<EMAIL: PROTECTED>,
 http://www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (<EMAIL: PROTECTED>)
          (based on code from 1.7 port)

Interface       Device          Description
-------------------------------------------
1

.................................................................

so i got nothing by Device or Description. And that happend on all
machines. I think this is the problem.


I am having this same problem on 2 out of 3 of my Win2000 
machines.  After
looking over the sourcecode for a while, I've discovered that 
it is some type
of problem with the length of BufferSize passed to 
PacketGetAdapterNames, I
believe.

Note that I'm brand-new to the Win32 version of snort as of a 
few hours ago,
so please excuse any ignorance...

Basically, if you drop in a debug (with _DEBUG_TO_FILE) 
version of packet.dll,
you will get output similar to this when doing a "snort -W" to display
interfaces (when I get the empty interface list as shown above):

************Packet32: DllMain************
PacketGetAdapterNames: BufferSize=1024
Need 1246 bytes for the names
PacketGetAdapterNames: GlobalAlloc Failed

As you can see, the BufferSize is 1024, but I need 1246 bytes for the
interface list.  Therefore, things fail...

The question is -- why don't I have a big enough buffer?  :)  
I don't see
where this is set at all with the Packet.dll version of 
things.  If I look at
the Wpcap.dll code, I see that a buffer of size 8192 is set 
and passed into
PacketGetAdapterNames (from within pcap_lookupdev).  This is 
why everything
works fine when WinDump is used to show the interfaces -- 
since WinDump
appears to use the Wpcap.dll, correct?

So -- when packet.dll is used -- what exactly calls 
PacketGetAdapterNames?  I
don't really understand how packet.dll is used yet -- so 
please excuse my
ignorance there.  But, it basically looks like, for 
packet.dll, the buffer
size for whatever calls PacketGetAdapterNames is simply much 
too small (1024)
for some Win2000 boxes.

Can anyone fill me in if I'm missing something?  Or, if 
that's it, can someone
tell me where to adjust that buffer size for apps using packet.dll?

Thanks!

 - John Goggan...

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: