[Snort-users] win2k and snort

Michael Davis mike at ...92...
Thu Jul 20 01:54:44 EDT 2000

> Hi,


> I'm currently having some *slight* problems with my win2k (Professional)
> box and programs such as snort, nmapNT, and some other sniffing programs.
> I have installed the correct drivers (2.0.2 I think.) I've quickly checked
> the winpcap webpage for updates but I didn't find anything. The computer
> isn't currently plugged into the network, but under the Network and Dialup
> Settings, it doesn't have an X there. I can start and stop the service. Is
> it just that I need to get it under an ethernet connection? It doesn't
> really matter, as I am currently testing it out on my P133 / 32M of ram...

Do you have a NIC installed at all?  I have not tested snort nor any other
of my libpcap win32 ports under PPP in Win2k.

What does snort -L show?

Have you tried to delete and reinstall the NDIS driver?  The winpcap NDIS
shim is not perfect.

> Would it be better if I stuck with w9x or what? (I haven't got that
> installed currently)

I run snort on a 98 box and an NT4 Server.  I have tested it on Win2k
(Professional and Advanced).  Advanced seems to work 90% of the time.  Maybe
the cluster support screws with things?

Most problems seem to be with the NDIS shim.  Since you mentioned it happens
with the nmapNT port etc., I am pretty sure the problem is with your NDIS
driver.  Make sure you installed the Win2k version of the driver.

Hope that helps.

-- Michael Davis

