[Oisf-users] Install Suricata on Win 10 with Npcap?
Peter Manev
petermanev at gmail.com
Thu May 2 17:34:21 UTC 2019
On Thu, May 2, 2019 at 6:49 PM Thomas Drebert <drebert at web.de> wrote:
>
> Hello,
> I have installed Npcap, I try various options.
>
Thank you.
Do you run that with privileges/as administrator?
> regards
> Thomas D
>
> On Thu, May 2, 2019 at 09:48, Peter Manev <petermanev at gmail.com> wrote:
> >
> > On Wed, May 1, 2019 at 8:19 PM Thomas Drebert <drebert at web.de> wrote:
> > >
> > > Hello,
> > >
> > > If I check the wpcap.dll in a hex editor, I can only find a
> > > pcap_dump_open. I found a WinPcap issue reporting that in the last
> > > version pcap_dump_fopen is missing.
> > >
> >
> > You need to have npcap installed on the system -
> > https://nmap.org/npcap/ - do you have that?
> > Can you please send a screenshot/output of the error?
> > You are using Win 10 - correct?
> >
> > Thank you
> >
> > > regards
> > > Thomas D.
> > >
> > > On Wed, May 1, 2019 at 19:54, Thomas Drebert <drebert at web.de> wrote:
> > > >
> > > > Hello,
> > > >
> > > > Sorry, but this doesn't work for me. I always get this error:
> > > > "The procedure entry point "pcap_dump_fopen" was not found in the DLL
> > > > "C:\Program Files\Suricata\suricata.exe".
> > > > This is my Suricata Directory:
> > > > 01.05.2019 19:46 <DIR> .
> > > > 01.05.2019 19:46 <DIR> ..
> > > > 21.01.2012 17:39 36 batch.bat
> > > > 07.03.2019 04:38 4.167 classification.config
> > > > 01.05.2019 19:46 0 dirout.txt
> > > > 28.08.2018 03:01 169.631 HOW_TO_Windows.pdf
> > > > 18.01.2018 04:22 232.340 libGeoIP-1.dll
> > > > 25.04.2018 23:33 79.194 libjansson-4.dll
> > > > 10.05.2018 02:24 121.058 liblz4.dll
> > > > 02.05.2018 10:46 154.319 liblzma-5.dll
> > > > 11.04.2018 23:47 313.828 libnspr4.dll
> > > > 30.07.2018 16:02 1.928.216 libpcre-1.dll
> > > > 11.04.2018 23:47 28.974 libplc4.dll
> > > > 11.04.2018 23:47 22.901 libplds4.dll
> > > > 16.07.2018 01:28 57.317 libwinpthread-1.dll
> > > > 30.07.2018 16:04 783.396 libyaml-0-2.dll
> > > > 20.01.2012 17:17 17.987 LICENSE
> > > > 01.05.2019 17:14 <DIR> log
> > > > 27.09.2017 22:03 244.502 lua53.dll
> > > > 25.07.2018 22:28 5.305.856 magic.mgc
> > > > 16.07.2016 06:18 634.824 msvcrt.dll
> > > > 27.06.2018 12:39 1.259.688 nss3.dll
> > > > 27.06.2018 12:39 163.061 nssutil3.dll
> > > > 07.03.2019 04:38 1.375 reference.config
> > > > 01.05.2019 17:16 <DIR> rules
> > > > 10.03.2019 08:27 49.719.350 suricata.exe
> > > > 28.08.2018 03:04 68.046 suricata.yaml
> > > > 03.08.2018 02:51 23.552 WinDivert.dll
> > > > 03.08.2018 02:51 50.592 WinDivert64.sys
> > > > 27.04.2019 23:00 387.384 wpcap.dll
> > > > 19.07.2018 05:33 93.208 zlib1.dll
> > > > 27 Datei(en), 61.864.802 Bytes
> > > >
> > > > If I start Suricata by clicking on the icon, a cmd window opens and an
> > > > error window pops up.
> > > > I use the last msi from the Download Site.
> > > >
> > > > regards
> > > > Thomas D.
> > > >
> > > > On Wed, May 1, 2019 at 18:48, Peter Manev <petermanev at gmail.com> wrote:
> > > > >
> > > > > On Wed, May 1, 2019 at 5:21 PM Thomas Drebert <drebert at web.de> wrote:
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > I made some tests; it is not an Npcap problem. I uninstalled Npcap and
> > > > > > Suricata, rebooted and installed Suricata again. But I have the same
> > > > > > error:
> > > > > > "The procedure entry point "pcap_dump_fopen" was not found in the DLL
> > > > > > "C:\Program Files\Suricata\suricata.exe".
> > > > > >
> > > > >
> > > > > You need npcap/wpcap.dll in the same folder or in the System Path.
> > > > > You could also try our msi pkg - https://suricata-ids.org/download/ -
> > > > > should work right out of the box installation.
> > > > > (the newer stable will be out soon)
> > > > >
> > > > > > regards
> > > > > > Thomas D.
> > > > > >
> > > > > > On Tue, Apr 30, 2019 at 19:05, Thomas Drebert <drebert at web.de> wrote:
> > > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > > I am trying to install Suricata on Windows 10, but I have installed the Npcap driver and I get the wpcap.dll error. I tried installing Npcap in WinPcap API mode, but now I get this error: "pcap_dump_fopen".
> > > > > > > What can I do?
> > > > > > >
> > > > > > > regards
> > > > > > > ThomasD
> > > > > > _______________________________________________
> > > > > > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > > > > > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > > > > > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > > > > >
> > > > > > Conference: https://suricon.net
> > > > > > Trainings: https://suricata-ids.org/training/
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Peter Manev
> >
> >
> >
> > --
> > Regards,
> > Peter Manev
--
Regards,
Peter Manev
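
An added example, not part of the original thread and not Suricata or Npcap code: instead of searching wpcap.dll in a hex editor, the export name table of the DLL can be read directly to see whether it exports the entry point the error names. `pe_exports`, `missing_exports` and `build_sample_dll` are hypothetical helper names, and the sample DLL is a constructed stub, not a real wpcap.dll.

```python
import struct

def pe_exports(data):
    """Names in a PE file's export table (PE32 or PE32+); ordinal-only exports are skipped."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsects, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    # Export directory is data-directory entry 0: offset 96 (PE32) or 112 (PE32+)
    exp_rva, _ = struct.unpack_from("<II", data, opt + (112 if magic == 0x20B else 96))
    if exp_rva == 0:
        return set()
    sects = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
             for i in range(nsects)]  # (VirtualSize, VirtualAddress, RawSize, RawPtr)

    def off(rva):  # translate an RVA to a file offset via the section table
        for vsize, vaddr, rsize, rptr in sects:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + rptr
        raise ValueError("RVA %#x is outside every section" % rva)
    e = off(exp_rva)
    n_names, = struct.unpack_from("<I", data, e + 24)    # NumberOfNames
    names_rva, = struct.unpack_from("<I", data, e + 32)  # AddressOfNames
    names = set()
    for i in range(n_names):
        start = off(struct.unpack_from("<I", data, off(names_rva) + 4 * i)[0])
        names.add(data[start:data.index(b"\0", start)].decode("ascii"))
    return names

def missing_exports(data, required):
    """Required entry points that the DLL does not export by name."""
    return sorted(set(required) - pe_exports(data))

def build_sample_dll(names):
    """Constructed sample input: a non-loadable PE32 stub holding only an export name table."""
    ptrs, strs, pos = b"", b"", 0x1000 + 40 + 4 * len(names)
    for n in names:
        ptrs += struct.pack("<I", pos + len(strs))
        strs += n.encode() + b"\0"
    exp = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, len(names), len(names),
                      0, 0x1000 + 40, 0) + ptrs + strs
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    hdr += (struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", 0x1000, len(exp))).ljust(224, b"\0")
    hdr += b".edata\0\0" + struct.pack("<IIII", len(exp), 0x1000, len(exp), 0x200) + bytes(16)
    return hdr.ljust(0x200, b"\0") + exp
```

On a real system, pass the bytes of each wpcap.dll found in the Suricata folder and on the system path to `missing_exports` with `["pcap_dump_fopen"]` to see which copy lacks the entry point.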