[Snort-users] Win2K Advanced Server problems

Michael Davis mike at ...92...
Thu Apr 12 19:56:57 EDT 2001

> I can't find the 'PacketSendPacket' string in the snort source, so I
> assume that's generated by the PCap or LibNet driver.

PacketSendPacket is part of the winpcap driver. LibnetNT uses it to put the
packet on the wire.

> that W2K application server.

LibnetNT is broke as hell. I had planned to write a real working version but
I don't have any time.

> Another option would be to change the 'libnet_write_ip' functions to
> some NT raw socket function, although I'm not sure how flexible that
> function would be. Maybe someone else can shed some light on this.

There is no raw socket support under NT4; 2k has a lot more options for raw
sockets, but I think you should never break a program up to use two totally
different ways to accomplish something because the program does not work
well on one arch.

I do know about the w2k problem. It is an odd one though, cause on my 2k box
everything works fine. I need to do some more testing etc. to nail down the
problem. This is not the first libnetNT problem.

That's just my two cents.

Michael Davis
Chief Technical Officer
Data Nerds, LLC.

