[Snort-devel] More userfriendly

Erek Adams erek at ...105...
Fri Sep 21 12:07:14 EDT 2001

On Fri, 21 Sep 2001 pault at ...831... wrote:

> Just some suggestions on putting more help in the README.   I didn't see
> any references (other that from ./configure and make)  telling me I needed
> to download Bison, Flex and libpcap 0.62 (the whole package, not the one
> mentioned in the README) to sucessfully compile on my Enterprise 250's and
> SparcStations.

Point taken, but I think the reason they aren't in the README is that the
README is 'what you all must do'.  Whereas you don't have those packages on
your system, some others already have them.  That's why it is mentioned in the


2.9 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: Why does building snort fail with errors about yylex and lex_init?

A: You need the lex and yacc tools or their gnu equivalents
   flex and bison installed.


I might be barking up the wrong tree here, but do you have /usr/ccs/bin/ in
your path?  If not ./configure can't find lex and yacc that come in the
standard Solaris install.

Now your statement about libpcap and needing 'the whole package'.  What
exactly do you mean?  The INSTALL file states "1.) *** Make sure you have
libpcap installed!!! ***".  With libpcap you need to do a 'make install-incl'
once you've built the package.

> It's a nice package, and I like what you've done, but we're not all
> programmers...

Hell no!  I couldn't program my way out of a wet paper bag! :)

> The windows version says it won't run and needs "packet.dll".

6.14 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: I am using Snort on Windows and receive an OpenPcap() error upon startup:

        ERROR: OpenPcap() device open:
        Error opening adapter

   What's wrong?

A: Either winpcap is not installed, or you are using an incompatible version.
   Try upgrading to the latest version (2.1 as of 4/11/01).  It is available
   from http://netgroup-serv.polito.it/winpcap/

Give the docs a little time.  The developers are busy little beavers working
towards 2.0.  Once that is done, I think we'll see a MAJOR doc re-write!

Hope this helps! :)

Erek Adams

