[Snort-users] Snort v1.9.0 on Win2k: resp error
radamson at ...2127...
Sat Jan 4 13:14:06 EST 2003
> Snort v1.9.0 on a Win2kPro box. Runs fine, alerts logged to syslog fine,
> all is well, except...
> Installed the FlexResp_Release version from silicondefense and tested
> all basic functions used in the previous stripped version. Now trying
> to play with "resp:rst_snd" for the first time. Been using a basic
> telnet any->any rule for testing, which does cause proper alerts and
> syslog entries (for testing purposes). However, the "resp:rst_snd"
> option causes repeated:
> PacketSendPacket failed
> error in the command line window.
> Anyone know whether the error is associated with snort, libpcap, or
> I'm thinking my libpcap might be old, but don't really have a clue at
> this point.
To reply to my post...
I found the problem. The LibnetNT.dll included in the Windows
distribution is an old version and apparently does not support
the "resp:rst_snd" rule option within snort. Replacing this dll
with a newer one (v1.1.0) from www.packetfactory.net/libnet
corrected the problem.
Also, several syntax errors in the README.FLEXRESP that is
distributed. This file suggests a syntax of "resp=rst_snd",
which causes snort to barf. The correct systax is "resp:rst_snd".
More information about the Snort-users