Win32 errors when running snort

#1 - dylan, 10-19-2004

Hi,
I'm running snort on a Windows 2000 machine and it runs fine as long
as I don't specify any rules file. This command:

snort -l c:\snort\log -c c:\snort\etc\snort.conf

generates a Dr Watson error saying
"snort.exe has generated errors and will be closed by Windows. You
need to restart the program. An error log is being created."

This only seems to happen if I use the -c flag. When I look at the
drwtsn32.log file, the instruction disassembly portion says:

function: RtlEnterCriticalSection
77f82060 648b0d18000000 mov ecx,fs:[00000018] fs:00000018=????????
77f82067 8b542404 mov edx,[esp+0x4] ss:00ba74eb=????????
FAULT ->77f8206b 837a1400 cmp dword ptr [edx+0x14],0x0 ds:00a79f06=????????
77f8206f 0f859c7b0100 jne NtSetTimerResolution+0x227d (77f99c11)
77f82075 90 nop
77f82076 ff4204 inc dword ptr [edx+0x4] ds:00a79f06=????????
77f82079 0f852e080000 jne ZwQueryInformationThread+0xe (77f828ad)
77f8207f 8b4124 mov eax,[ecx+0x24] ds:80a57ee6=????????
77f82082 89420c mov [edx+0xc],eax ds:00a79f06=????????
77f82085 c7420801000000 mov dword ptr [edx+0x8],0x1 ds:00a79f06=????????
77f8208c 33c0 xor eax,eax
77f8208e c20400 ret 0x4

(sorry for the formatting)

I tried both reinstalling and going to an older version of snort both
with the same result - none.

Any help would be greatly appreciated.

#2 - dylan, 10-20-2004

I found that if I comment out this line in the snort.conf file, it no
longer generates that error. Do I have the syntax wrong?

output log_tcpdump: C:\Snort\log\tcpdump.log


