[Snort-users] Buffer too small for packet.dll? (was: Error i nitializing NIC)

Reinhard Doberstein r.doberstein at ...5700...
Thu Apr 25 03:01:02 EDT 2002


Hi John,

sounds very interesting. 
Btw. there is a Bugreport about this, ist Number 543346
[http://sourceforge.net/tracker/index.php?func=detail&aid=543346&group_id=33
57&atid=103357].

By
Reinhard

--
Reinhard Doberstein
mailto:r.doberstein at ...348... http://www.doberstein.com
 


> -----Original Message-----
> From: John Goggan [mailto:jgoggan at ...5714...]
> Sent: Thursday, April 25, 2002 7:07 AM
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Buffer too small for packet.dll? 
> (was: Error
> initializing NIC)
> 
> 
> Reinhard Doberstein wrote:
> 
> > With "snort -W" i got:
> >
> > -*> Snort! <*-
> > Version 1.8-WIN32 (Build 103)
> > By Martin Roesch (<EMAIL: PROTECTED>, http://www.snort.org)
> > 1.7-WIN32 Port By Michael Davis (<EMAIL: PROTECTED>,
> >  http://www.datanerds.net/~mike)
> > 1.8-WIN32 Port By Chris Reid (<EMAIL: PROTECTED>)
> >           (based on code from 1.7 port)
> > 
> > Interface       Device          Description
> > -------------------------------------------
> > 1
> > 
> > .................................................................
> > 
> > so i got nothing by Device or Description. And that happend on all
> > machines. I think this is the problem.
> 
> I am having this same problem on 2 out of 3 of my Win2000 
> machines.  After
> looking over the sourcecode for a while, I've discovered that 
> it is some type
> of problem with the length of BufferSize passed to 
> PacketGetAdapterNames, I
> believe.
> 
> Note that I'm brand-new to the Win32 version of snort as of a 
> few hours ago,
> so please excuse any ignorance...
> 
> Basically, if you drop in a debug (with _DEBUG_TO_FILE) 
> version of packet.dll,
> you will get output similar to this when doing a "snort -W" to display
> interfaces (when I get the empty interface list as shown above):
> 
> ************Packet32: DllMain************
> PacketGetAdapterNames: BufferSize=1024
> Need 1246 bytes for the names
> PacketGetAdapterNames: GlobalAlloc Failed
> 
> As you can see, the BufferSize is 1024, but I need 1246 bytes for the
> interface list.  Therefore, things fail...
> 
> The question is -- why don't I have a big enough buffer?  :)  
> I don't see
> where this is set at all with the Packet.dll version of 
> things.  If I look at
> the Wpcap.dll code, I see that a buffer of size 8192 is set 
> and passed into
> PacketGetAdapterNames (from within pcap_lookupdev).  This is 
> why everything
> works fine when WinDump is used to show the interfaces -- 
> since WinDump
> appears to use the Wpcap.dll, correct?
> 
> So -- when packet.dll is used -- what exactly calls 
> PacketGetAdapterNames?  I
> don't really understand how packet.dll is used yet -- so 
> please excuse my
> ignorance there.  But, it basically looks like, for 
> packet.dll, the buffer
> size for whatever calls PacketGetAdapterNames is simply much 
> too small (1024)
> for some Win2000 boxes.
> 
> Can anyone fill me in if I'm missing something?  Or, if 
> that's it, can someone
> tell me where to adjust that buffer size for apps using packet.dll?
> 
> Thanks!
> 
>  - John Goggan...
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list