[Snort-users] [Snort-devel] Win32 Users Survey

Michael Steele michaels at ...9077...
Wed May 5 23:45:45 EDT 2010


Both options are crucial to the operation of Snort for windows. I've never
used the -i without an interface number (-i2). Still, not a good idea to
allow this '-i' without the modifier.

Are you thinking of omitting some information from the output of the -W
switch, and if so, why?

Kindest regards,

WINSNORT.com Management Team Member
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *

-----Original Message-----
From: Steven Sturges [mailto:steve.sturges at ...1935...] 
Sent: Wednesday, May 05, 2010 5:29 PM
To: snort-users at lists.sourceforge.net; snort-devel at lists.sourceforge.net
Subject: [Snort-users] [Snort-devel] Win32 Users Survey

For those using Snort on windows platforms, how do you specify the interface
on which to sniff packets?

With Snort on windows, you can use the -W command line option to query the
list of interfaces and then there are options for starting Snort.

Using -i with the interface number (index) from the -W output

-i <num>

OR using -i with the device name

-i \Device\NPF_<uuid>


No -i on command line and let Snort select the first interface that WinPcap


Snort-devel mailing list
Snort-devel at lists.sourceforge.net

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list