Posted

Hi,

I just installed snort_2.9.8.0 on my 64-bit Windows 2008 R2 server. Before that I had already installed .NET Framework 3.5 and WinPcap_4_1_3 on the same server.

However, when I start the Snort program using "d:\winids\snort\bin\snort –W", the system responds with an error, as shown below:

C:\Users\Operator>d:\winids\snort\bin\snort –W
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: –W
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{F2C3B9BA-92A1-44DC-B5A1-3F12E26623F
E}".
ERROR: Can't set DAQ BPF filter to '–W' (@P)!
Fatal Error, Quitting..

Can anyone help me solve this problem?

Thank you very much.

Posted

Never seen that screen before. Did you follow the tutorial and ONLY install what the tutorial instructed?

Did you install WinPcap?

There are ONLY two things that need to be installed to use the -W switch:

  1. Snort
  2. WinPcap

Must be a problem with one of those, but best guess would be to remove WinPcap and install.

There is a possibility WinPcap is not seeing any legitimate Network Interface Cards, or there are no Network Interface Cards installed?

Posted
13 hours ago, Morpheus said:

Never seen that screen before. Did you follow the tutorial and ONLY install what the tutorial instructed?

Did you install WinPcap?

There are ONLY two things that need to be installed to use the -W switch:

  1. Snort
  2. WinPcap

Must be a problem with one of those, but best guess would be to remove WinPcap and install.

There is a possibility WinPcap is not seeing any legitimate Network Interface Cards, or there are no Network Interface Cards installed?

Thanks, dear Morpheus,

I found that the right index of the Network Interface Card should be 1. When I use 'd:\winids\snort\bin\snort -v –i1' I can see a lot of network traffic.

So I just skipped this Network Interface Card detection step. I hope that's OK...

Posted

There may be some corruption with the list of interfaces as the -W switch should bring up that list.

It doesn't look like it will affect anything, as long as you know which interface to choose.
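
The log in the first post shows Snort reporting `Snort BPF option: –W`, meaning the argument was read as a capture filter rather than as a switch; the character in front of `W` in the posted command is an en dash (U+2013), not the ASCII hyphen. The following Python check is an added example, not part of any post in this thread; `audit_args`, `DASH_LOOKALIKES` and `POSTED_ARGV` are hypothetical names, and the sample input is the command line as it appears in the first post.

```python
import unicodedata

# Characters that render like "-" but are not U+002D HYPHEN-MINUS, the only
# character a command-line option parser treats as a switch prefix.
DASH_LOOKALIKES = "\u2010\u2011\u2012\u2013\u2014\u2015\u2212"


def audit_args(argv):
    """Flag tokens that start with a dash look-alike.

    Returns (findings, repaired): findings is a list of
    (index, token, "U+XXXX NAME") tuples, and repaired is argv with each
    leading look-alike replaced by an ASCII hyphen.
    """
    findings, repaired = [], []
    for index, token in enumerate(argv):
        stripped = token.lstrip(DASH_LOOKALIKES)
        lead = token[: len(token) - len(stripped)]
        if lead:
            first = lead[0]
            label = "U+%04X %s" % (ord(first), unicodedata.name(first))
            findings.append((index, token, label))
            token = "-" * len(lead) + stripped
        repaired.append(token)
    return findings, repaired


# Constructed input: the command line as posted at the top of this thread.
POSTED_ARGV = ["d:\\winids\\snort\\bin\\snort", "\u2013W"]

if __name__ == "__main__":
    findings, repaired = audit_args(POSTED_ARGV)
    for index, token, label in findings:
        # %a keeps the output ASCII-only so it prints on any console code page.
        print("arg %d %a starts with %s, not U+002D" % (index, token, label))
    print("repaired:", " ".join(repaired))
```

Commands copied from web pages or word processors are a common source of these characters, because many editors replace a typed hyphen with a typographic dash.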
