[Snort-devel] A Possible Bug Report for Snort 1.8 Win32
Erickson Brent W KPWA
erickson at ...593...
Fri Aug 10 15:48:41 EDT 2001
I sent this report yesterday to Chris Reid and he recommended I report it to
Here is the info I provided Chris:
I tried your basic.exe on both NT 4.0 sp6 and 98 and it will not run with
the z option on the command line in either system. Both systems run Snort
1.7 or the latest version of windump in a stable fashion.
The NT 4.0 sp6 workstation is a P3 450 with 128mb memory and 5g free hard
drive space with winpcap 2.1
I am using the latest whitehats 1.8 vision rules.
If I do snort -vde
I capture traffic.
If I do snort -A fast -c snort.conf
It works ok.
If I do snort -A fast -z -c snort.conf
I receive an immediate DR Watson error on NT and on 98 I receive an
immediate invalid page fault error. I realize that Snort may not have been
designed for Win 98 but 1.7 runs very well on it.
We run three NT 4.0 Snort 1.7 production systems at work.
Here is my snort.conf:
var HOME_NET 126.96.36.199/16
var EXTERNAL_NET !$HOME_NET
var DNS1 188.8.131.52
VAR DNS2 184.108.40.206
preprocessor stream4: detect_scans
preprocessor http_decode: 80
preprocessor portscan: $HOME_NET 5 5 portscan.log
preprocessor portscan-ignorehosts: $DNS1 $DNS2
Everything else is commented out.
Do you have any ideas ?
Am I doing somethin wrong ?
As I said earlier both systems run Snort 1.7 and windump.
They also will run Snort 1.8 until I enable the z switch from the command
Thank you for your time and help.
PS. I also downloaded the static binary from Silicon Defense and it did the
More information about the Snort-devel