[Snort-devel] Win32 and interface

Chris Reid chris.reid at ...583...
Mon Sep 29 17:40:03 EDT 2003


One thing to note is that the Interface names returned are actually Unicode
(double-byte character) strings.  The second (upper?) byte of each character
is zero/null for ASCII characters.  Look at the value in the memory window
rather than "Quick Watch".

Chris Reid

----- Original Message ----- 
From: "Ian Macdonald" <secsnortdev at ...1490...>
To: <snort-devel at lists.sourceforge.net>
Sent: Monday, September 29, 2003 2:51 PM
Subject: [Snort-devel] Win32 and interface


I am having a few issues with 2.0.2, visual studio 6 and mysql

I get the following error when use -i and when I don't.

I did a trace on the code. Seems that the devicet =
pcap_lookupdev(errorbuf); call is returning \ as the interface name. This
then causes problems for mysql later.

Should pcap_lookup be returning "\" as the interface name?





=======ERROR==================
database: mysql_error: You have an error in your SQL syntax near '1' AND
encodin
g = '0' AND filter IS NULL' at line 1
database: mysql_error: You have an error in your SQL syntax near '1','0',
'0')'
at line 1
SQL=INSERT INTO sensor (hostname, interface, detail, encoding, last_cid)
VALUES
('TEST-SENSOR','\','1','0', '0')
database: mysql_error: You have an error in your SQL syntax near '1' AND
encodin
g = '0' AND filter IS NULL' at line 1
database: Problem obtaining SENSOR ID (sid) from snort->sensor
ERROR:
 When this plugin starts, a SELECT query is run to find the sensor id for
the
 currently running sensor. If the sensor id is not found, the plugin will
run
 an INSERT query to insert the proper data and generate a new sensor id.
Then a
 SELECT query is run to get the newly allocated sensor id. If that fails
then
 this error message is generated.

 Some possible causes for this error are:
  * the user does not have proper INSERT or SELECT privileges
  * the sensor table does not exist

 If you are _absolutely_ certain that you have the proper privileges set and
 that your database structure is built properly please let me know if you
 continue to get this error. You can contact me at (roman at ...49...).

Fatal Error, Quitting..





More information about the Snort-devel mailing list