Sign in to follow this  
Followers 0
sxcmylife@163.com

Can't set daq bpf filter to '–W'

4 posts in this topic

hi

I just installed snort_2.9.8.0 on my 64bit windows 2008 r2 server.Before that I already installed .Net framework3.5 and  WinPcap_4_1_3 on the same server.

However,when I start the snort programme using " d:\winids\snort\bin\snort –W ",the system reflect with an error as the information below:

C:\Users\Operator>d:\winids\snort\bin\snort –W
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: –W
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{F2C3B9BA-92A1-44DC-B5A1-3F12E26623F
E}".
ERROR: Can't set DAQ BPF filter to '–W' (@P)!
Fatal Error, Quitting..

anyone can help me solve this problem?

thank you very much

Share this post


Link to post
Share on other sites

Never seen that screen before. Did you follow the tutorial and ONLY install what the tutorial instructed?

Did you install Winpcap ?

There are ONLY two thing that need to be installed to use the -W switch

  1. Snort
  2. Winpcap

Must be a problem with one of those, but best guess would to remove Winpcap and install.

There is a possibility Winpcap is not seeing any lagitamate Network Interface Cards, or there are no Network Interface Cards installed?

Share this post


Link to post
Share on other sites
13 hours ago, Morpheus said:

Never seen that screen before. Did you follow the tutorial and ONLY install what the tutorial instructed?

Did you install Winpcap ?

There are ONLY two thing that need to be installed to use the -W switch

  1. Snort
  2. Winpcap

Must be a problem with one of those, but best guess would to remove Winpcap and install.

There is a possibility Winpcap is not seeing any lagitamate Network Interface Cards, or there are no Network Interface Cards installed?

Thanks Dear Morpheus,

I found that the right index of the Network Interface Card should be 1.When I use  'd:\winids\snort\bin\snort -v –i1' I can see a lot network traffic.

so I just skipped this Network Interface Card detecting step.I hope that's OK...

Share this post


Link to post
Share on other sites

There may be some corruption with the list of interfaces as the -W switch should bring up that list.

If doesn't look like it will effect anything, as long as you know which interface to choose.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0