[Snort-users] Having trouble using -b switch

Dan Harpold danharp at ...7001...
Fri Sep 27 12:16:09 EDT 2002

I've been having a similar problem. Whenever I run in binary mode, it shuts
down as soon as it tries to write an entry to the log. It creates the log
file and writes 24 bytes to it. It fails after the first write after that.
In regular mode, it runs fine. I just downloaded the latest version of
winpcap (3.0a).

I am also a newbie to snort, so I may be missing something here. This is
happening on two different machines (similar hardware, both with Intel Pro
100 NIC).

When I run -W, I get the following:

1  \Device\NPF_{guid} {Intel(R) Pro Adapter (Microsoft's PAcket Scheduler) }
2  \Device\NPF_NdisWanIP {NdisWan Adapter (Microsoft's Packet Scheduler) }

Any help would be appreciated.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Chris Green
Sent: Friday, September 27, 2002 1:13 PM
To: Snort Users List
Subject: Re: [Snort-users] Having trouble using -b switch

rkeller at ...7000... writes:

> Yes, it does.  And, when in binary mode, a new log file is created within
the log
> directory.

Please do a snort -W to list the interfaces. You may be running into
the libpcap buffer overrun.  In that case, you'll need a newer winpcap.
Chris Green <cmg at ...1935...>
A watched process never cores.

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020927/b731bbd3/attachment.html>

More information about the Snort-users mailing list