[Snort-sigs] Issue

Matt Kettler mkettler at ...189...
Fri May 16 11:43:13 EDT 2003


1) you'll probably be better off following up on the snort-users list 
instead of here.. it's the correct list, and it's got more users on it. 
snort-sigs is the people that do packet dump analysis and rule development, 
so there's a lot fewer users here.. particularly a LOT fewer 
snort-for-windows users.

2) what version of snort are you using?

3) You need a -i in front of interface names for snort on the command line, 
and You want to remove the part in ()'s. (I know windump fails if you 
include the expanded name)

So your command line really should look more like this:
snort -v -i \Device\NPF_{37B8DFB9-9F3C-4585-BF8C-F65A3422564B}

At 12:19 PM 5/16/2003 +0100, Colin.Slevin at ...1117... wrote:
>Hi all ,
>
>I am entering this command and I am recieving the error below. Can someone
>help. I believe it is a problem with Winpcap. But I don't know how to
>resolve the issue . All help is greatly appreciated as I ran accross this
>error in Linux also.
>
>
>
>snort -v \Device\NPF_{37B8DFB9-9F3C-4585-BF8C-F65A3422564B} (Intel
>8255x-based Integrated Fast Ethernet)
>
>Initializing Network Interface
>\Device\NPF_{37B8DFB9-9F3C-4585-BF8C-F65A3422564B}
>
>
>ERROR: OpenPcap() FSM compilation failed:
>         PCAP command: %s
>
>Fatal Error, Quitting..
>
>
>
>
>
>
>
>-------------------------------------------------------
>Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
>The only event dedicated to issues related to Linux enterprise solutions
>www.enterpriselinuxforum.com
>
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs





More information about the Snort-sigs mailing list