[Snort-users] no packets logged on wireless NIC using WinPcap 3.0, winsnort

Ben van der Merwe benm at ...12765...
Sun Feb 13 22:09:53 EST 2005


[Is this a 'wireless' limitation or a WinPCap/win32 limitation. Is 'snort wireless' ok on linux ???]
Original message:

Everything seems ok when I do a 'snort -W':
Interface Device  Description
-------------------------------------------
1  \Device\NPF_{24284523-9129-4F0E-83A3-FB0731F53D25} (D-Link AirPlus Xtreme G DWL-G520 Adapter (Microsoft's Packet Scheduler) )

(although I am sure that I also had another eth interface listed when doing a similar command in windump)

When I try to log packets with ' snort -b -v -l c:\Snort\log -i 1'
I get an empty log file (which is deleted as soon as I stop snort).
I have used snort on linux for a while now, but I may be missing something obvious. I will continue scrutinizing README.wireless, README.win32 and the faq in case I am doing something stupid.
I have used tcpdump (windump) for a while, but the wireless cards were not really supported.
snort (and winsnort) seem to have good support for wireless cards - is this due to an improvement in WinPcap ?
If this is true tcpdump should also have better support for wireless NIC's.
Finally, what is meant by a wirleless card that is in "RFMON" mode ? Is this not the default setting ? (How can I change this ?)

Some additional info on my installation:
1) snort version: Version 2.3.0RC2-ODBC-MySQL-FlexRESP-WIN32 (Build 9)
2) WinPcap 3.0
3) Windows XP Home Service Pack 2 (with automatic updates)
(I also had to change the permissions on my c:\snort directories before the empty log file was created.)

Thank you.
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050213/20141241/attachment.html>


More information about the Snort-users mailing list