[Snort-users] win2k and snort
mike at ...92...
Thu Jul 20 01:54:44 EDT 2000
> I'm currently having some *slight* problems with my win2k (Professional)
> box and programs such as snort, nmapNT, and some other sniffing programs.
> have installed the correct drivers (2.0.2 I think.) I've quickly checked
> the winpcap webpage for updates but I didn't find anything. The computer
> isn't currently plugged into the network, but under the Network and Dialup
> Settings, it doesn't have an X their. I can start and stop the service. Is
> it just that I need to get it under a ethernet connection. It doesn't
> really matter, as I am currently testing it out on my P133 / 32M of ram...
Do you have a NIC installed at all? I have not tested snort nor any other
of my libpcap win32 ports under PPP in Win2k.
What does snort -L show?
Have you tried to delete and reinstall the NDIS driver? The winpcap NDIS
shim is not perfect.
> Would it be better if I stuck with w9x or what? (I haven't got that
> installed currently)
I run snort on a 98 box and a NT4 Server. I have tested it on Win2k
(Professional and Advanced. Advanced seems to work 90% of the time. Maybe
the cluster support screws with things?)
Most problems seem to be with the NDIS shim. Since you mentioned it happens
with the nmapNT port etc I am pretty sure the problem is with your NDIS
driver. Make sure you installed the Win2k version of the driver.
Hope that helps.
-- Michael Davis
More information about the Snort-users