Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: running basic snort on windows

From: Craig Wickesser <codecraig () gmail com>
Date: Mon, 07 Mar 2005 21:14:56 -0500
So I should be able to run snort in non-promiscuous mode? if so, can you direct me to how to do that? 

Thanks in advance,
craig

Dennis Propson wrote:


Hey Craig,

If you are going wireless, do not capture in promiscuous mode.  You should
be fine when you make this change.

Dennis

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Craig W
Sent: Monday, March 07, 2005 4:34 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] running basic snort on windows


well i have tried running ethereal and i am unable to capture any
packets at all.  I am using a Intel(R) PRO/Wireless 2200BG network
card....and i have found someone else with the same card, same OS,
same snort, winpcap, etc....same problem.

anyone know about this issue??

thanks

On Mon, 7 Mar 2005 15:50:32 -0500, Craig W <codecraig () gmail com> wrote:

well its not the beta version, and i dont need a beta version.  I
never had winpcap installed previously, so there is no old versions
existing.

...maybe i will try another winpcap version.

thanks


On Mon,  7 Mar 2005 14:37:34 -0600, Rich Adamson <radamson () routers com>

wrote:

I am running snort v2.3.0 RC2 on win xp pro....following the advice
given in previous posts I running through the README.WIN32....

When i perform one of the "simple" tests i get an error...below is

what i did

C:\>snort -v -n 3 - i 1
Running in packet dump mode

Initializing Network Interface \Device\NPF_{<mac_address_was_here>
}
ERROR: OpenPcap() FSM compilation failed:
       parse error
PCAP command: i 1
Fatal Error, Quitting..


I installed WinPCap v3.0, then installed snort, rebooted my machine.
FYI, i ran snort -W first to list my interfaces and it worked (i only
have 1).

Kind of smells like an incorrect WinPcap version. If you had installed
some other WinPcap verison and then installed v3.0 (no beta), you
should have rebooted prior to installing v3.0. If any of that sounds
familiar, then uninstall WinPcap, reboot, and install v3.0 again.

If you used a version of WinPcap v3.0 that includes the words 'beta',
etc, uninstall it and install v3.0.

If that above doesn't apply, the check:
system32\packet.dll is dated 4/4/2003
system32\wpcap.dll is dated 4/4/2003

I've got several of these running winpcap v3.0 on WinXP with no

problems.

Rich



--

http://www.codecraig.com
http://jroller.com/page/codecraig




--

http://www.codecraig.com
http://jroller.com/page/codecraig


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: