[Snort-users] Win2K OpenPcap Probs

Brad Plies maliki at ...3045...
Fri Feb 8 10:11:13 EST 2002

I, like some others, am having problems with using
idscenter.  The error is:

   |> IDScenter test console <|
   -- Press ENTER after checking Snorts output --
   Log directory = log

   Initializing Network Interface \
   ERROR: OpenPcap() FSM compilation failed:
   syntax error
   PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program

And not like the message on the FAQ:
   ERROR: OpenPcap() device open:
   Error opening adapter

Nonetheless I re-installed OpenPcap to be sure, no success.

Running snort in console mode kinda-sorta works, meaning
it doesn't get auto-killed but I didn't pick up any
activity in the alert file and only a small statistic
on # of received ARP packets.  Oh, and some kind of
OpenPcap statistics error happens when you're shutting
down snort.  I'll copy/paste that error another time.

My questions are:
Does idscenter extend snort's functionality in any way, besides
the GUI?  If I configure snort through idscenter and run it
in console mode, will it still behave identically?  Does
anyone know how to get idscenter to work under Win2K who
have had this error at one time?

Thanks in advance,

More information about the Snort-users mailing list