[Snort-users] RE: Installing SNORT 1.8.3 on win2k server

Martin Roesch roesch at ...1935...
Tue Mar 12 15:29:21 EST 2002


On 3/12/02 1:50 PM, "Michael Steele" <michaels at ...155...> wrote:
> I apologize if this is not a Sourcefire associated installer. I was
> under the impression that it was, because of the path "Sourcefire" when
> it's installed. This is very confusing. I believe the Sourcefire name is
> protected and not just anyone is authorized to use it, without
> permission of whomever the name belongs. My mistake and I do sincerely
> apologize.

Sourcefire is a trademarked name and Dragos has permission to use it in the
Windows installer distributed on snort.org since Dragos works with us at

> I have received a lot of emails concerning this particular piece of
> software and it has had this one particular problem from it's inception
> to the Snort community, among others.
> In this case, which is not at all uncommon for this installer, Y P Chien
> had a specific problem with WinPcap and the version he referred to was
> "2.3 beta". It's always my first inclination to revert back to a release
> version of a particular program if it's a beta they are running, and
> then start trouble shooting.

The error message is plain as day:

Initializing Network Interface \
ERROR: OpenPcap() FSM compilation failed:
       syntax error
PCAP command: Files\Sourcefire\Snort\snort.conf -l C:\Program
Files\Sourcefire\Snort -A full -h any
Fatal Error, Quitting..

The data that caused the error is echoed to the screen in the line that
starts with "PCAP command" and it's clearly a segment of a Snort command
line.  Working back through the archives of the snort-users list you will
see this problem over and over again and it has been solved over and over

> Here at Silicon Defense (not "silidef" as you pointed out in your
> response) we have spent many many hours putting Snort support together
> for the Windows community. All the way from documenting installations
> for step by step procedures, to making sure we have the latest compiled
> CVS versions of snort available to download from our website, and in 5
> flavors, for Windows. This, in all reality, is a one stop shop for the
> Windows user to get everything they will need to get a functional IDS up
> and running. This has been at a cost that has been absorbed by us
> (Silicon Defense) for the Snort community.

Wow, nice ad.  Should we discuss the cost of producing Snort in the first
place in man hours donated to the project versus your contribution?  Nah,
it'd make that contribution look pretty paltry and profit motivated in
comparison.  Foregoing the development costs in favor of a renewable-revenue
services model isn't exactly a new idea.  As a further service to the Snort
community, you might want to consider ceasing to use this forum as an
advertising medium, I for one am getting sick of seeing these self serving
messages showing up time after time in response to pleas for help from
inexperienced users.

As you know, I run a company that is directly competitive with yours  and
yet I seem to be able to refrain from constantly engaging in crass marketing
tactics.  I've been getting some cries lately to start moderating the list
lately based on the volume of users who don't read the docs before posting
(c.f. constant MySQL/ACID posts, etc) and now due to the on-going marketing
campaign Silicon Defense seems to be using this list for.  I don't want to
do it (because I like the list the way it is) but of late you're really
pushing the limits of what I personally and  many of the Snort-users
regulars (i.e. The foundations of this community) find acceptable.

The snort-users list is for discussing the use of snort.  It is not intended
to be used as a marketing platform nor to push personal or corporate

If you have something to add to help users that's valid and useful we're all
happy to have your input, but if all you've got is more of this crap, please
keep it to yourself.


Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

More information about the Snort-users mailing list