Snort mailing list archives

Re: Windows32 Snort without WPcap.dll?


From: Steven Bairstow <sab139 () psu edu>
Date: Mon, 14 Jun 2004 14:16:08 -0400

Would it be possible to compile WPcap into Snort like a Linux
statically linked binary?  If I understand correctly, in order to do
that, you would need to be able to load the capture driver on the
fly.  But I suspect that Microsoft doesn't give you the ability to do
that.

At 1:13 PM -0400 6/14/04, Keith W. McCammon wrote:
No can do, as far as I'm aware.  Even if you're using the built-in Windows packet analysis tool, you need to install their capture driver.  Over-simplification follows...

Under normal circumstances, an application would open up a socket for network communication, and the stack then keeps track of these sockets and binding applications.  When you're running a capture engine, you're asking for a copy of every packet that crosses the stack, independent of the application.  Thus, you need a special driver.

Steven Bairstow wrote:
Does anyone know of a version of Snort for MS Windows that can be run
without installing WPcap.dll?  I don't need the interface to be in
promiscuous mode as I only need to see the local traffic. Ultimately,
I would like to be able to run Snort without rebooting the machine or
installing any software onto the machine.
Thanks.



-- 


Steven Bairstow
Computer and Network Services - Abington College - Penn State University
http://www.personal.psu.edu/~sab139              PGP Key ID = 0x0C81E13C


"No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced."

