|
|
|
|
Snort Forums Archive
Archive Home » Support » Snort, Bluetooth and windows, pcap open errors
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Snort, Bluetooth and windows, pcap open errors
Posted by lyalc on March 16, 2005 10:57:10
I have a laptop with a running Snort instance.
Windows XP SP@, Winpcap 3.0, and Snort 2.3.0-rc2
After recently enabling the bluetooth functionality by plugging in a USB bluetooth device, Snort repeatedly gave the pcap open errors if the adapter is specified (-i 1) or adapter not found in the interface wasn't specified.
In turn, snort hasn't been logging for a few days - scary on some client sites.
Note, this is only after installing Bluetooth hardware. As windows recognised the device, no drivers or vendor software was installed, even though the USB device works fine. No vendor software to uninstall as a quick try, either.
Rolling back to Winpcap 2.3 has fixed the issue for now. Winpcap 3.0 and 3.1beta4 both cause failure.
Any ideas or fixes on the horizon, or is this truly a winpcap issue?
Lyal |
|
Posted by Franzz on August 16, 2005 01:13:48
Hi Lyal
Thank's for your description, which solved my problem.
I just want confirm your finding for my Notebook with
Win XP Home SP2, Bluetooth, Firewire, Lan and WLan.
With WinPcap 3.1, Snort refused to start with error "The
interface name has not been specified.". The command "snort -W"
for listing the interfaces showed only one line, saying just "1".
As well Ethereal did not start.
With WinPcap 3.0 the problem persisted.
With WinPcap 2.3, the command "snort -W" shows five
interfaces, all with their full names. Snort runs, and
Ethereal as well.
Bye
Franzz
|
|
Posted by chris on August 16, 2005 13:02:49
Hi guys,
I think that you are both describing a design/weakness of MS networking stack not in functions of WinPcap/snort, I believe I'm correct in saying that if you need full WLAN support you will have to install snort on one of the recent Linux/*BSD's although obviously this isn't an option for your laptops.
here is a quote from the Winpcap FAQ
[quote]
"In the case of wireless LAN interfaces, it appears that, when those interfaces are promiscuously sniffing, they're running in a significantly different mode from the mode that they run in when they're just acting as network interfaces (to the extent that it would be a significant effor for those drivers to support for promiscuously sniffing and acting as regular network interfaces at the same time), so it may be that Windows drivers for those interfaces don't support promiscuous mode."
[quote] |
|
Posted by metala on August 17, 2005 06:23:08
Hi, Guys... I'm with Win XP SP2 Winpcap 3.1 (at the moment)
D:\Snort\bin>D:\Snort\bin\snort.exe -i 1 -c "D:\Snort\etc\snort.conf" -l "D:\Sno
rt\log"
Running in IDS mode
Log directory = D:\Snort\log
Initializing Network Interface
ERROR: OpenPcap() device open:
Error opening adapter: The system cannot find the file specified.
Fatal Error, Quitting..
D:\Snort\bin>D:\Snort\bin\snort.exe -i 2 -c "D:\Snort\etc\snort.conf" -l "D:\Sno
rt\log"
Invalid interface '2'.
D:\Snort\bin>D:\Snort\bin\snort.exe -W
,,_ -*> Snort! <*-
o" )~ Version 2.4.0-ODBC-MySQL-FlexRESP-WIN32 (Build 18)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2005 Sourcefire Inc., et al.
Interface Device Description
-------------------------------------------
1
Snort doesn't strat when i have Winpcap >=3.1b4 (i used 3.1b4.
I mean that my snort works when i'm with Winpcap 2.3 .. I can be with 2.3 .. but the problem is thaht i want to use nmap 3.81 (it needs >= 3.1b4).. and it's not possible be like i want.. Can somebody tell me what can i do to fix this? |
|
|
|
|
|
