[Snort-users] snort using rpcap in windows

Eugene Grama eugene.grama at ...11827...
Tue Feb 17 04:27:31 EST 2015


I tried searching on Google, still with no luck, but I keep bumping
into this file:

http://snort.sourcearchive.com/documentation/2.8.5.2/remote-ext_8h-source.html

http://snort.sourcearchive.com/documentation/2.8.5.2/group__remote__source__string.html

I'm not sure what this is for, and I cannot even locate this remote-exe.h
file on my machine (if this is a file).

Thank you and best regards,

eugene

On Tue, Feb 17, 2015 at 5:19 PM, Eugene Grama <eugene.grama at ...11827...>
wrote:

> Hello again,
>
> I had used this command and it is working and collecting packets
>
> dumpcap -i
> rpcap://[xx.xx.xx.xx]:2002/\Device\NPF_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
> -w c:\dumpcap.log
>
> I need this traffic to pass through Snort so that it will generate alerts.
>
> How can this be done? Any advice?
>
>
>
> Thank you and best regards,
>
> eugene
>
> On Tue, Feb 17, 2015 at 2:24 PM, Eugene Grama <eugene.grama at ...11827...>
> wrote:
>
>>
>> Hello,
>>
>>
>> Can snort run using rpcap? I'm trying this command, but not successful
>>
>> snort -c c:\Snort\etc\snort.conf -l c:\Snort\log --daq pcap --daq-mode
>> inline -i
>> rpcap://[xx.xxx.xxx.xx]:2002/\Device\NPF_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx}
>>
>> I run into ERROR:pcap does not support inline
>>
>> run command snort --daq-list; the result is Available DAQ modules:
>> pcap(v3): readback live multi unpriv
>>
>> Please help, how can I connect and collect data to my remote machine
>> (Windows web server)?
>> --
>> Thank you and Best regards,
>>
>> Eugene
>>
>>
>
>
> --
> Thank you and Best regards,
>
> Eugene
>



-- 
Thank you and Best regards,

Eugene