[Snort-users] running basic snort on windows

Craig W codecraig at ...11827...
Mon Mar 7 12:50:55 EST 2005


well its not the beta version, and i dont need a beta version.  I
never had winpcap installed previously, so there is no old versions
existing.

...maybe i will try another winpcap version.

thanks


On Mon,  7 Mar 2005 14:37:34 -0600, Rich Adamson <radamson at ...2127...> wrote:
> > I am running snort v2.3.0 RC2 on win xp pro....following the advice
> > given in previous posts I running through the README.WIN32....
> >
> > When i perform one of the "simple" tests i get an error...below is what i did
> >
> > C:\>snort -v -n 3 - i 1
> > Running in packet dump mode
> >
> > Initializing Network Interface \Device\NPF_{<mac_address_was_here>
> > }
> > ERROR: OpenPcap() FSM compilation failed:
> >         parse error
> > PCAP command: i 1
> > Fatal Error, Quitting..
> >
> >
> > I installed WinPCap v3.0, then installed snort, rebooted my machine.
> > FYI, i ran snort -W first to list my interfaces and it worked (i only
> > have 1).
> 
> Kind of smells like an incorrect WinPcap version. If you had installed
> some other WinPcap verison and then installed v3.0 (no beta), you
> should have rebooted prior to installing v3.0. If any of that sounds
> familiar, then uninstall WinPcap, reboot, and install v3.0 again.
> 
> If you used a version of WinPcap v3.0 that includes the words 'beta',
> etc, uninstall it and install v3.0.
> 
> If that above doesn't apply, the check:
>  system32\packet.dll is dated 4/4/2003
>  system32\wpcap.dll is dated 4/4/2003
> 
> I've got several of these running winpcap v3.0 on WinXP with no problems.
> 
> Rich
> 
> 


-- 

http://www.codecraig.com
http://jroller.com/page/codecraig




More information about the Snort-users mailing list