[Snort-users] snort using rpcap in windows

Eugene Grama eugene.grama at ...11827...
Tue Feb 17 04:19:15 EST 2015


Hello again,

I used this command and it is working and collecting packets:

dumpcap -i rpcap://[xx.xx.xx.xx]:2002/\Device\NPF_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -w c:\dumpcap.log

I need this traffic to pass through Snort so that it will generate alerts.

How can this be done? Any advice?



Thank you and best regards,

eugene

On Tue, Feb 17, 2015 at 2:24 PM, Eugene Grama <eugene.grama at ...11827...>
wrote:

>
> Hello,
>
>
> Can Snort run using rpcap? I'm trying this command, but it is not successful:
>
> snort -c c:\Snort\etc\snort.conf -l c:\Snort\log --daq pcap --daq-mode inline -i rpcap://[xx.xxx.xxx.xx]:2002/\Device\NPF_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx}
>
> I run into ERROR:pcap does not support inline
>
> I ran the command snort --daq-list; the result is:
>
> Available DAQ modules:
> pcap(v3): readback live multi unpriv
>
> Please help, how can I connect and collect data to my remote machine
> (Windows web server)?
> --
> Thank you and Best regards,
>
> Eugene
>
>


-- 
Thank you and Best regards,

Eugene