Snort mailing list archives
RE: no packets logged on wireless NIC using WinPcap 3.0, winsnort
From: "Adam Kliarsky" <360air () comcast net>
Date: Sun, 13 Feb 2005 22:49:40 -0800
So let me clarify, you have used Windump, but not successfully w/ wireless? When you run windump -D do you see the wireless interface? If so, when you run windump -i 1 (assuming 1 is the listed wireless nic) do you see any traffic?

What version of winpcap are you using? That might be your problem.

Adam

_____

From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ben van der Merwe
Sent: Sunday, February 13, 2005 10:09 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] no packets logged on wireless NIC using WinPcap 3.0, winsnort

[Is this a 'wireless' limitation or a WinPCap/win32 limitation. Is 'snort wireless' ok on linux ???]

Original message:

Everything seems ok when I do a 'snort -W':

Interface Device Description
-------------------------------------------
1 \Device\NPF_{24284523-9129-4F0E-83A3-FB0731F53D25} (D-Link AirPlus Xtreme G DWL-G520 Adapter (Microsoft's Packet Scheduler) )

(although I am sure that I also had another eth interface listed when doing a similar command in windump)

When I try to log packets with 'snort -b -v -l c:\Snort\log -i 1' I get an empty log file (which is deleted as soon as I stop snort).

I have used snort on linux for a while now, but I may be missing something obvious. I will continue scrutinizing README.wireless, README.win32 and the faq in case I am doing something stupid.

I have used tcpdump (windump) for a while, but the wireless cards were not really supported. snort (and winsnort) seem to have good support for wireless cards - is this due to an improvement in WinPcap ? If this is true tcpdump should also have better support for wireless NIC's.

Finally, what is meant by a wireless card that is in "RFMON" mode ? Is this not the default setting ? (How can I change this ?)

Some additional info on my installation:

1) snort version: Version 2.3.0RC2-ODBC-MySQL-FlexRESP-WIN32 (Build 9)
2) WinPcap 3.0
3) Windows XP Home Service Pack 2 (with automatic updates)

(I also had to change the permissions on my c:\snort directories before the empty log file was created.)

Thank you.

Ben