Re: [Snort-users] Win32 Users Survey

[Steven Sturges <steve.sturges () sourcefire com>]

Hi Rob--

I was asking more from the perspective of seeing how people used
Snort, as we're looking at updating/adding to the output of -W.

If Win32 Snort users aren't using the \Device approach with -i,
the device information is probably not needed in the -W output.

And this is for the Snort released from snort.org, not winsnort.  ;)

Cheers.
-steve

Rob Dixon wrote:
> what version of winsnort and winpcap?
>
>
>
> On Wed, May 5, 2010 at 5:28 PM, Steven Sturges <steve.sturges () sourcefire com
> > wrote:
>
> > For those using Snort on windows platforms, how do you
> > specify the interface on which to sniff packets?
> >
> > With Snort on windows, you can use the -W command line
> > option to query the list of interfaces and then there are
> > options for starting Snort.
> >
> > Using -i with the interface number (index) from the -W output
> >
> > -i <num>
> >
> > OR using -i with the device name
> >
> > -i \Device\NPF_<uuid>
> >
> > OR
> >
> > No -i on command line and let Snort select the first interface
> > that WinPcap finds.
> >
> > Thanks.
> > -steve
> >
> >
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel