[Snort-users] using "react" on w32 snort ...
jeff at ...950...
Mon Jun 23 19:31:03 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Actually... the code's all done :)
I'm looking for a few people to test it under Windows and unix systems.
Send email to me directly if you're interested in testing this.
- --On Friday, June 20, 2003 06:46:43 -0600 Rich Adamson
<radamson at ...2127...> wrote:
>> > i was attempting to test the react keyword on W32 and it spit out
>> > "PacketSendPacket failed" and then bailed out the win xp error sig is
>> > listed below (if it helps any) ...
>> > AppName: snort.exe AppVer: 0.0.0.0 ModName: ntdll.dll
>> > ModVer: 5.1.2600.1217 Offset: 00033adb
>> > is it just not supported @ this time?
>> It works just fine.
>> You need to install libnet package so that you can create packets. React
>> builds a packet and then sends it. That's what you'd need to make that
> No, the above problem is related to a coding issue on the win32 version of
> snort. Proven several times over, and its been there since v1.8 at least.
> The flex resp output is sent "only" on the first winpcap interface found
> (snort -W) even if that particular interface is not active, etc. Your
> error message suggests that interface is either not configured or is
> inactive. One of the developers (Jeff) is rewritting the code to fix
> the problem.
> The only work around at this time is to reconfigure the windows box to use
> that first interface as your sensor (and therefor for flex resp output).
> Then it works fine. You'll also find that using different versions of
> winpcap will list the interfaces in a different order, thus requiring
> you to reconfigure the windows box again to restore the flex response
> The problem relates to the original coder assumed the flex resp packet
> would use the internal system routing table for the delivery of the resp
> packet, which was incorrect.
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting Partner.
> Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
> INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
http://cerberus.sourcefire.com/~jeff (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the Snort-users