RE: Snort for WIndows newbie question...

["Michael Steele" <michaels () winsnort com>]

Chris Reid has been notified that Snort will need to be modified in order to
use WinPcap 3.1 and newer.

A good rule of thumb: Never use BETA versions, at least until the initial
IDS is functioning correctly using only release versions of Snort and its
support programs.

Also, never install WinPcap over itself. ALWAYS uninstall, reboot, check for
and remove any packet.dll found, and then install the new WinPcap.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-
> admin () lists sourceforge net] On Behalf Of Ambrose, Joseph
> Sent: Wednesday, April 28, 2004 5:42 AM
> To: Sort List (E-mail)
> Subject: RE: [Snort-users] Snort for WIndows newbie question...
>
> Thanks Matt!
>
> It works now....
>
> Now all I have to do is convert the text files to allow notepad to read
> them.....
>
>
>
> Joseph Ambrose, MCSE
> System and Network Manager
> The Conference Board
> P: 001-212-339-0443
> F: 001-212-836-3802
> E: Joe.Ambrose () conference-board org
> Visit our Award Winning Web Site:  www.conference-board.org
>
>
>  -----Original Message-----
> From:         Matt Kettler [mailto:mkettler () evi-inc com]
> Sent: Monday, April 26, 2004 4:44 PM
> To:   Ambrose, Joseph; Sort List (E-mail)
> Subject:      Re: [Snort-users] Snort for WIndows newbie question...
>
> At 10:13 AM 4/26/2004, Ambrose, Joseph wrote:
> > "The procedure entry point PacketGetNetInfo could not be located in the
> > dynamic link library Packet.dll.
> >
> > I thought I installed Snort correctly, however.....
>
> After experiencing this myself, it appears that it's a winpcap version
> problem.
>
> If you go to the source of winpcap:
> http://winpcap.polito.it/install/default.htm
>
> Winpcap 3.0 works, but Winpcap 3.1-beta does not.
>
> Also note that you have to un-install 3.1 in order to successfully
> downgrade winpcap. You can verify the re-install worked by locating
> packet.dll in your system32 directory and doing a right-click properties.
> The version tab will give you the version number of packet.dll and you
> should see it change after you're done.
>
> For reference, my working version of the dll is reported as 3.0.0.18 by
> windows. This may not be the only working version, but it is one that
> works
> for me with snort 2.1.2.
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id149&alloc_id66&op=ick
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users





-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users