Snort mailing list archives
RE: no packets logged on wireless NIC using WinPcap 3.0, winsnort
From: "Adam Kliarsky" <360air () comcast net>
Date: Sun, 13 Feb 2005 23:00:41 -0800
Actually your issue would appear to be the RFMON mode, not your winpcap - you say that snort/windump works but not with the wireless NIC? RMON would be the component that puts the wireless NIC into receive mode, so if this isn't enabled, then that could be the problem (not winpcap, per my previous msg).

Adam

_____

From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ben van der Merwe
Sent: Sunday, February 13, 2005 10:09 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] no packets logged on wireless NIC using WinPcap 3.0, winsnort

[Is this a 'wireless' limitation or a WinPCap/win32 limitation? Is 'snort wireless' ok on linux ???]

Original message:

Everything seems ok when I do a 'snort -W':

Interface Device Description
-------------------------------------------
1 \Device\NPF_{24284523-9129-4F0E-83A3-FB0731F53D25} (D-Link AirPlus Xtreme G DWL-G520 Adapter (Microsoft's Packet Scheduler) )

(although I am sure that I also had another eth interface listed when doing a similar command in windump)

When I try to log packets with 'snort -b -v -l c:\Snort\log -i 1' I get an empty log file (which is deleted as soon as I stop snort).

I have used snort on linux for a while now, but I may be missing something obvious. I will continue scrutinizing README.wireless, README.win32 and the FAQ in case I am doing something stupid.

I have used tcpdump (windump) for a while, but the wireless cards were not really supported. snort (and winsnort) seem to have good support for wireless cards - is this due to an improvement in WinPcap? If this is true tcpdump should also have better support for wireless NICs.

Finally, what is meant by a wireless card that is in "RFMON" mode? Is this not the default setting? (How can I change this?)

Some additional info on my installation:

1) snort version: Version 2.3.0RC2-ODBC-MySQL-FlexRESP-WIN32 (Build 9)
2) WinPcap 3.0
3) Windows XP Home Service Pack 2 (with automatic updates)

(I also had to change the permissions on my c:\snort directories before the empty log file was created.)

Thank you.
Ben