[Snort-users] Buffer too small for packet.dll? (was: Error i nitializing NIC)
r.doberstein at ...5700...
Thu Apr 25 03:01:02 EDT 2002
sounds very interesting.
Btw. there is a Bugreport about this, ist Number 543346
mailto:r.doberstein at ...348... http://www.doberstein.com
> -----Original Message-----
> From: John Goggan [mailto:jgoggan at ...5714...]
> Sent: Thursday, April 25, 2002 7:07 AM
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Buffer too small for packet.dll?
> (was: Error
> initializing NIC)
> Reinhard Doberstein wrote:
> > With "snort -W" i got:
> > -*> Snort! <*-
> > Version 1.8-WIN32 (Build 103)
> > By Martin Roesch (<EMAIL: PROTECTED>, http://www.snort.org)
> > 1.7-WIN32 Port By Michael Davis (<EMAIL: PROTECTED>,
> > http://www.datanerds.net/~mike)
> > 1.8-WIN32 Port By Chris Reid (<EMAIL: PROTECTED>)
> > (based on code from 1.7 port)
> > Interface Device Description
> > -------------------------------------------
> > 1
> > .................................................................
> > so i got nothing by Device or Description. And that happend on all
> > machines. I think this is the problem.
> I am having this same problem on 2 out of 3 of my Win2000
> machines. After
> looking over the sourcecode for a while, I've discovered that
> it is some type
> of problem with the length of BufferSize passed to
> PacketGetAdapterNames, I
> Note that I'm brand-new to the Win32 version of snort as of a
> few hours ago,
> so please excuse any ignorance...
> Basically, if you drop in a debug (with _DEBUG_TO_FILE)
> version of packet.dll,
> you will get output similar to this when doing a "snort -W" to display
> interfaces (when I get the empty interface list as shown above):
> ************Packet32: DllMain************
> PacketGetAdapterNames: BufferSize=1024
> Need 1246 bytes for the names
> PacketGetAdapterNames: GlobalAlloc Failed
> As you can see, the BufferSize is 1024, but I need 1246 bytes for the
> interface list. Therefore, things fail...
> The question is -- why don't I have a big enough buffer? :)
> I don't see
> where this is set at all with the Packet.dll version of
> things. If I look at
> the Wpcap.dll code, I see that a buffer of size 8192 is set
> and passed into
> PacketGetAdapterNames (from within pcap_lookupdev). This is
> why everything
> works fine when WinDump is used to show the interfaces --
> since WinDump
> appears to use the Wpcap.dll, correct?
> So -- when packet.dll is used -- what exactly calls
> PacketGetAdapterNames? I
> don't really understand how packet.dll is used yet -- so
> please excuse my
> ignorance there. But, it basically looks like, for
> packet.dll, the buffer
> size for whatever calls PacketGetAdapterNames is simply much
> too small (1024)
> for some Win2000 boxes.
> Can anyone fill me in if I'm missing something? Or, if
> that's it, can someone
> tell me where to adjust that buffer size for apps using packet.dll?
> - John Goggan...
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users