[Snort-users] More WinPcap 2.3 and Win2k

Don Don at ...5881...
Wed Jun 19 11:41:05 EDT 2002


I experienced this problem with the newer WinPcap as well, i just reverted
to an old winPcap i had downloaded months before, as well as a previous
build of snort, 1.8.6 (win32) build 105, i have no idea currently how to
check the winPcap version
I had sent an email to winPcap support about it, which they did reply, i
just havent had chance to try this all again as of yet, an issue i thought
may have something to do with the problem was that I use pgpNET, which binds
to adapters, on my system, altho i was not using it, nor did i have it
enabled at the time, as I recall.

Don

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Michael
Steele
Sent: Tuesday, June 18, 2002 4:33 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] More WinPcap 2.3 and Win2k


Chris,

He has the latest from us. It very well could be that he is running a
dual processor box and has not terminated the second processor in the
boot.ini file at all, or correctly. I can build another latest build of
Snort but I don't think that will help.

There has been a LOT of these types of issues in the last week or so.
Could it be that everyone is upgrading from older versions, or has there
been a massive infusion of Windows users into the Snort community.

Michael Steele | System Engineer / System Administrator
mailto:michaels at ...155...
http://www.silicondefense.com

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Chris Reid
Sent: June 18, 2002 12:04 PM
To: Madziarczyk, Jonathan
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] More WinPcap 2.3 and Win2k


The reason you're seeing nothing in the interface list is also a WinPcap
problem.  In previous versions of WinPcap there is a 1K buffer, which
overflows if you have many interfaces (ie. 10+).  This has been replaced
with an 8K buffer in more recent versions of WinPcap.  The current snort
distribution should already be linking against the newer WinPcap
libraries,
which should resolve this problem.  Try obtaining a more recent build of
snort.

Chris Reid


----- Original Message -----
From: "Madziarczyk, Jonathan" <than at ...3657...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Tuesday, June 18, 2002 10:25 AM
Subject: [Snort-users] More WinPcap 2.3 and Win2k


> I've done a little digging and from what I can see this appears to be
a
> WinPcap problem, I tried windump -D and I get the same error, so it's
not
> snort specific.  Also one thing I didn't mention previously was that
my
> snort -W shows what I think is nothing.  There are 4 nics in my
machine
and
> all I see is this:
>
> C:\Snort>snort -W
>
> -*> Snort! <*-
> Version 1.8.7-MySQL-WIN32 (Build 121)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> 1.7-WIN32 Port By Michael Davis (mike at ...92...,
> www.datanerds.net/~mike)
> 1.8-WIN32 Port By Chris Reid (chris.reid at ...3029...)
> 1.8-WIN32 Compiled By Michael Steele (michaels at ...155...,
> www.siliconde
> fense.com)
>           (based on code from 1.7 port)
>
> Interface       Device          Description
> -------------------------------------------
> 1
>
> C:\Snort>
>
> For some reason I think this interface 1 is a loopback.
>
> Hope this info is of some use.
>
> Peace,
> Jon M
>
> "(Anakin) Why do I get the feeling you'll be the death of me someday"
> --ObiWan
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
Madziarczyk,
> Jonathan
> Sent: June 17, 2002 2:39 PM
> To: 'snort-users at lists.sourceforge.net'
> Subject: [Snort-users] WinPcap 2.3 and Win2k
>
> I'm setting up a new install of Snort on Win2k and I'm getting the
"ERROR:
> OpenPcap( ) device open: Error opening adapter: Overlapped I/O
operation
is
> in progress.  Fatal Error, Quitting.."
>
> The FAQ says this can be due to an old incompatible, or uninstalled
version
> of WinPcap.  I'm using 2.3 and the install appears to be running
> successfully. Is there any way I can check to make sure it is, or is
this
> already a known issue?
>
> Thanks,
> JonM
>
>
>



------------------------------------------------------------------------
----
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




----------------------------------------------------------------------------
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list