Re: no packets logged on wireless NIC using WinPcap 3.0, winsnort

["Ben van der Merwe" <benm () pasco co za>]

There used to be a document that listed all the wireless NIC's that 
work/does not work with WinPcap, but unfortunately this link does not exist 
any more (http://home.comcast.net/~jay.deboer/airsnare/supported.htm)

This document is referenced in the faq section of the winpcap home page 
(http://winpcap.polito.it/misc/faq.htm#Q-16).
Maybe we should ask 'polito.it' or airsnare to make this document available 
again. We need to know who maintains this document at present.


----- Original Message ----- 
From: "Rich Adamson" <radamson () routers com>
To: "Ben van der Merwe" <benm () pasco co za>
Sent: Monday, February 14, 2005 1:36 PM
Subject: Re: [Snort-users] no packets logged on wireless NIC using WinPcap 
3.0, winsnort


> In the win32 environment (can't speak to linux environment), snort still 
> relies
> on the winpcap driver for monitoring traffic. However, not all wireless 
> drivers
> have monitoring support therefor winpcap cannot capture the data flows.
> Orincoco cards do; Linksys does not; not sure about Dlink.
>
> ------------------------
>
> > [Is this a 'wireless' limitation or a WinPCap/win32 limitation. Is 'snort 
> > wireless' ok on
> linux ???]
> > Original message:
> >
> > Everything seems ok when I do a 'snort -W':
> > Interface Device  Description
> > -------------------------------------------
> > 1  \Device\NPF_{24284523-9129-4F0E-83A3-FB0731F53D25} (D-Link AirPlus 
> > Xtreme G DWL-G520
> Adapter (Microsoft's Packet Scheduler) )
> > (although I am sure that I also had another eth interface listed when 
> > doing a similar command
> in windump)
> > When I try to log packets with ' snort -b -v -l c:\Snort\log -i 1'
> > I get an empty log file (which is deleted as soon as I stop snort).
> > I have used snort on linux for a while now, but I may be missing 
> > something obvious. I will
> continue scrutinizing README.wireless,
> > README.win32 and the faq in case I am doing something stupid.
> > I have used tcpdump (windump) for a while, but the wireless cards were 
> > not really supported.
> > snort (and winsnort) seem to have good support for wireless cards - is 
> > this due to an
> improvement in WinPcap ?
> > If this is true tcpdump should also have better support for wireless 
> > NIC's.
> > Finally, what is meant by a wirleless card that is in "RFMON" mode ? Is 
> > this not the default
> setting ? (How can I change this ?)
> > Some additional info on my installation:
> > 1) snort version: Version 2.3.0RC2-ODBC-MySQL-FlexRESP-WIN32 (Build 9)
> > 2) WinPcap 3.0
> > 3) Windows XP Home Service Pack 2 (with automatic updates)
> > (I also had to change the permissions on my c:\snort directories before 
> > the empty log file was
> created.)
> > Thank you.
> > Ben
> ---------------End of Original Message-----------------



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users