[Snort-users] problems with new IDScenter installation package from snort.org

counter.spy at ...348... counter.spy at ...348...
Sun Jan 27 12:35:02 EST 2002


Hi, 
my name is Detmar. I am currently evaluating several IDSs for 
my diploma thesis. 
I am sorry if my questions may sound stupid,
but I am a Newbie with Snort (not only with snort ;-))
and I havent found anything about those specific problems, yet.
Although I have found some e.g.:
FROM: Dragos RuiuDATE: 12/19/2001 13:55:45
SUBJECT: RE:  [Snort-users] IDScenter (v1.09) problems smmarized)

I have encountered some problems with the current version of
IDScenter (1.09 BETA) and Snort Win32 1.8.3, which I downloaded
as "wise installation package" from snort.org.

When I had installed IDScenter 1.09 BETA and snort manually 
before this try, I didnt have those problems. 
Now I'm not sure where the problems are - with IDScenter 
or with snort or with winpcap?

I am running (or attempting to run) three installations of 
Snort win32 and there are three different problems:

1. Windows 98 
Problem:	Installation quits.
Error Message:	>>The file "MSIEXEC" or one of its components
		could not be found. Make sure that the path
		settings and filenames are correctly set
		and that all required libraries are available.<<
		I do understand that MSIEXEC is needed to interpret
		and install installation packages in windows.
		But I never had any problems in installing
		anything on this machine with wise installation
		wizard, before.

2. Windows 2000 Professional
Problem:	Snort is too quiet. No alerts at all, even not
		when attempting to open a session from netcat or
		nmap portscanning.
Note:		The previous installation performed just fine.
		

3. Windows 2000 Advanced Server
Problem:	Snort quits due to PCAP problem
Message: 	|> IDScenter test console <|
		-- Press ENTER after checking Snorts output --
		Log directory = log

		Initializing Network Interface \
		ERROR: OpenPcap() FSM compilation failed:
        	syntax error
		PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program
Files\Sourcefire\S
		nort -A full -h 192.168.0.111/32 -i 1 -a -b -d -e
		Fatal Error, Quitting..

Note:		This is not my real IP ;-), but the rest is correct.
		Libpcap works fine with Ethereal. No network problems.
		IDScenter has correctly detected my IP settings and a script
		was successfully generated. 
		For some reason, win2000 has remembered some old NIC installation
		but this is "hidden" (I had some warning when I installed the new NIC)
		and the LAN connection has the name "Local area connection 2".
		Could that be a reason? How can I access a "hidden" setting?


Thanx for any hints!

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net





More information about the Snort-users mailing list