Snort mailing list archives
Re: Windows32 Snort without WPcap.dll?
From: Steven Bairstow <sab139 () psu edu>
Date: Mon, 14 Jun 2004 14:16:08 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Would it be possible to compile WPcap into Snort like a Linux statically linked binary? If I understand correctly, in order to do that, you would need to be able to load the capture driver on the fly. But I suspect that Microsoft doesn't give you the ability to do that. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQM3rR0cxdTMMgeE8EQJsyACgu0+oinRNpRftkbf7qkyBXS3XZtgAnA6c geMkpBY7akIrgdQ95vb8g9LJ =ueRI -----END PGP SIGNATURE----- At 1:13 PM -0400 6/14/04, Keith W. McCammon wrote:
No can do, as far as I'm aware. Even if you're using the built-in Windows packet analysis tool, you need to install their capture driver. Over-simplification follows... Under normal circumstances, an application would open up a socket for network communication, and the stack then keeps track of these sockets and binding applications. When you're running a capture engine, you're asking for a copy of every packet that crosses the stack, independent of the application. Thus, you need a special driver. Steven Bairstow wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know of a version of Snort for MS Windows that can be run without installing WPcap.dll? I don't need the interface to be in promiscuous mode as I only need to see the local traffic. Ultimately, I would like to be able to run Snort without rebooting the machine or installing any software onto the machine. Thanks. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQM3QBEcxdTMMgeE8EQL3TQCeKd2mK1rDtgwWOMtO6Yw6hADykP0AoLQk YgormcP3S0ozq3PdelkhAB0v =Gnd7 -----END PGP SIGNATURE-----
-- Steven Bairstow Computer and Network Services - Abington College - Penn State University http://www.personal.psu.edu/~sab139 PGP Key ID = 0x0C81E13C "No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced." ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Windows32 Snort without WPcap.dll? Steven Bairstow (Jun 14)
- Re: Windows32 Snort without WPcap.dll? Keith W. McCammon (Jun 14)
- Re: Windows32 Snort without WPcap.dll? Steven Bairstow (Jun 14)
- RE: Windows32 Snort without WPcap.dll? Michael Steele (Jun 15)
- Re: Windows32 Snort without WPcap.dll? Keith W. McCammon (Jun 14)