[Snort-users] Snort for WIndows newbie question...

Michael Steele michaels at ...9077...
Wed Apr 28 09:55:18 EDT 2004

Chris Reid has been notified that Snort will need to be modified in order to
use WinPcap 3.1 and newer.

A good rule of thumb: Never use BETA versions, at least until the initial
IDS is functioning correctly using only release versions of Snort and its
support programs.

Also, never install WinPcap over itself. ALWAYS uninstall, reboot, check for
and remove any packet.dll found, and then install the new WinPcap.

Kindest regards, 

WINSNORT.com Management Team Member
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Ambrose, Joseph
> Sent: Wednesday, April 28, 2004 5:42 AM
> To: Sort List (E-mail)
> Subject: RE: [Snort-users] Snort for WIndows newbie question...
> Thanks Matt!
> It works now....
> Now all I have to do is convert the text files to allow notepad to read
> them.....
> Joseph Ambrose, MCSE
> System and Network Manager
> The Conference Board
> P: 001-212-339-0443
> F: 001-212-836-3802
> E: Joe.Ambrose at ...11706...
> Visit our Award Winning Web Site:  www.conference-board.org
>  -----Original Message-----
> From: 	Matt Kettler [mailto:mkettler at ...4108...]
> Sent:	Monday, April 26, 2004 4:44 PM
> To:	Ambrose, Joseph; Sort List (E-mail)
> Subject:	Re: [Snort-users] Snort for WIndows newbie question...
> At 10:13 AM 4/26/2004, Ambrose, Joseph wrote:
> >"The procedure entry point PacketGetNetInfo could not be located in the
> >dynamic link library Packet.dll.
> >
> >I thought I installed Snort correctly, however.....
> After experiencing this myself, it appears that it's a winpcap version
> problem.
> If you go to the source of winpcap:
> http://winpcap.polito.it/install/default.htm
> Winpcap 3.0 works, but Winpcap 3.1-beta does not.
> Also note that you have to un-install 3.1 in order to successfully
> downgrade winpcap. You can verify the re-install worked by locating
> packet.dll in your system32 directory and doing a right-click properties.
> The version tab will give you the version number of packet.dll and you
> should see it change after you're done.
> For reference, my working version of the dll is reported as by
> windows. This may not be the only working version, but it is one that
> works
> for me with snort 2.1.2.
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id149&alloc_id66&op=ick
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users

More information about the Snort-users mailing list