[Snort-users] Win2K Advanced Server problems

Frank Knobbe FKnobbe at ...649...
Wed Apr 11 11:44:58 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What version of the WinPCap drivers do you have installed? Also, are
you using the LibNetNT.DLL that comes with snort? Make sure that file
is of date 8/24/2001 and is in your winnt\system32 directory.

Regards,
Frank


> -----Original Message-----
> From: John Girvin [mailto:john.girvin at ...1795...]
> Sent: Wednesday, April 11, 2001 9:40 AM
> 
> I've got snort-1.7-win32-FlexRESP-static installed on a Win2K
> Advanced Server box set up as follows:
>   - Win2K Advanced Server + SP1 + latest patches
>   - Exchange 2000
>   - Terminal Services in Remote Admin mode
>   - Two NICs, NETGEAR FA-311
> 
> Im having some problems getting the resp: rule option to work.
> I'm using the following simple (test) ruleset to drop port 25
> connections:
> 
> -----8<----------------------
> preprocessor defrag
> alert tcp any any -> $EXT_IP 25  (msg: "smtp connection"; 
> resp: rst_all; )
> ----->8----------------------
> 
> When I run snort it initialises OK and seems to capture packets as
> you would expect. However when a port 25 packet comes in, I get 
> lots of the
> following message:
> 	PacketSendPacket failed 
> 
> When I quit snort it complains as follows:
> 	pcap_loop: read error: PacketReceivePacket failed
> 	pcap_stats: PacketGetStats error
> 
> Any ideas or suggestions as to whats broken?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOtR7+pytSsEygtEFEQITMQCffYKK/JavcxWSP6wxdHM7uy1J33QAoIUT
He3z471psDsVszZATU/Bde3O
=/Gsv
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list