[Snort-users] Packet Adapter device failure W2K

Burleson, Lee (IA) Lee.Burleson at ...1358...
Wed Mar 7 08:57:38 EST 2001


Greetings.

I have had great luck with the newer build of the packet driver, version
2.1.  It does not use the .inf method (no protocol install); it just sets up
the service/device in the registry.

Follow these instructions to remove the old driver:
* remove old protocol entry in the network settings GUI
* remove packet device entries in registry: there will be some odd-looking
keys (GUIDs?) at the very end of ...\services that correspond to each
adapter.  They should be removed as well.
* reboot
* run the WinPCap.exe file: it create the service/device entry in
...\services and also recreate the packet device entries.
* reboot

For anyone rolling their eyes about now, the reboots are because the packet
device is not coded to allow dynamic removal and install (Pnp)... not
win2k's fault ;).

Hope that helps.

- Lee

> -----Original Message-----
> From: Michael Davis [mailto:mike at ...92...]
> Sent: Tuesday, March 06, 2001 10:43 PM
> To: comedia at ...1472...; Snort List (E-mail)
> Subject: Re: [Snort-users] Packet Adapter device failure W2K
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> This is the normal w2k crap.
> 
> If other packet capture programs work. Do the following:
> 1) Remove the winpcap driver via the network applet in the control
> Panel.
> 2) Reboot.
> 3) Open regedit and delete
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Packet key.
> 4) Reboot.
> 5) Reinstall winpcap drivers.
> 
> Hope that helps,
> Michael Davis
> Chief Technical Officer
> Data Nerds, LLC.
> http://www.datanerds.net
> 
> - ----- Original Message ----- 
> From: comedia at ...1472... 
> To: Snort List (E-mail) 
> Sent: Monday, March 05, 2001 5:27 AM
> Subject: [Snort-users] Packet Adapter device failure W2K
> 
> 
> Here s the message I get when lauching snort :
> 
>         --== Initializing Snort ==--
> 
> Initializing Network Interface
> \Device\Packet_{1C0B2699-360C-4C7A-AEEF-6669C063D
> 016}
> ERROR: OpenPcap() device
> \Device\Packet_{1C0B2699-360C-4C7A-AEEF-6669C063D016} o
> pen:
>         Error opening adapter
> 
> Though the windows 2000 seems to work fine with the packet capture
> driver installed.
> 
> Is there a complete help for W2k-snort somewhere on the web ?
> 
> Thanks for your help !
> 
> Christophe
> 
> 
> 
>  
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> 
> iQA/AwUBOqW8YPiUqZ9dnoKsEQJcJQCgogECjjuC9QaFMa0Rp419MLkbIiEAoPAO
> PzRRHVJu40XSU///xT4tFWlo
> =HBBN
> -----END PGP SIGNATURE-----
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 




More information about the Snort-users mailing list