[Snort-users] Win32 Users Survey

Steven Sturges steve.sturges at ...1935...
Wed May 5 23:06:09 EDT 2010


Hi Rob--

I was asking more from the perspective of seeing how people used
Snort, as we're looking at updating/adding to the output of -W.

If Win32 Snort users aren't using the \Device approach with -i,
the device information is probably not needed in the -W output.

And this is for the Snort released from snort.org, not winsnort.  ;)

Cheers.
-steve

Rob Dixon wrote:
> what version of winsnort and winpcap?
> 
> 
> 
> On Wed, May 5, 2010 at 5:28 PM, Steven Sturges <steve.sturges at ...1935...
>> wrote:
> 
>> For those using Snort on windows platforms, how do you
>> specify the interface on which to sniff packets?
>>
>> With Snort on windows, you can use the -W command line
>> option to query the list of interfaces and then there are
>> options for starting Snort.
>>
>> Using -i with the interface number (index) from the -W output
>>
>> -i <num>
>>
>> OR using -i with the device name
>>
>> -i \Device\NPF_<uuid>
>>
>> OR
>>
>> No -i on command line and let Snort select the first interface
>> that WinPcap finds.
>>
>> Thanks.
>> -steve
>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
> 
> 
> 




More information about the Snort-users mailing list