Snort mailing list archives

RE: W2K snort launch & halt

From: "Michael Steele" <michaels () silicondefense com>
Date: Tue, 17 Dec 2002 11:37:11 -0800

Serge,

 

Try:

 

Snort -W

 

This will display all adapters. Pick the appropriate adapter and type:

 

Snort -d -e -v - ix

 

Note: the x in -ix should be the adapter you want Snort to sniff on.

   -Michael

--
 Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Serge D.
Jorgensen
Sent: Wednesday, December 11, 2002 10:55 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] W2K snort launch & halt

 

I just ran into a problem with a Snort install on a clean W2K box -
everything seems to install fine (using WinPcap 2.3 and Snort 1.9), but on
even a basic snort -d -e -v I get an initial "Initializing.", then a
"Warning: OpenPcap() device \Device\Packet_NdisWanIp network lookup:" which
says it completes successfully, initializing snort, and the version
information. then nothing. I can Ctrl-C out of it, which gives the Snort
analyzed 0 out of 0 packets, and ends with a 

Pcap_loop: read error: PacketReceivePacket failedpcapstats: PacketGetStats
error

 

Haven't seen this before - would appreciate any thoughts. Thanks.

 

Serge

Current thread:

W2K snort launch & halt Serge Jorgensen (Dec 11)
- <Possible follow-ups>
- RE: W2K snort launch & halt Scott Olihovik (Dec 11)
- RE: W2K snort launch & halt Hicks, John (Dec 11)
  - RE: W2K snort launch & halt Serge Jorgensen (Dec 11)
- RE: W2K snort launch & halt L. Christopher Luther (Dec 11)
- W2K snort launch & halt Serge D. Jorgensen (Dec 17)
  - RE: W2K snort launch & halt Michael Steele (Dec 17)