Hello everybody.
I’m discovering Suricata and I’m French, so please forgive me in advance for questions you might think are not very clever or badly written.
I am trying to use Suricata as an IPS on Windows.
I installed Suricata using
https://www.openinfosecfoundation.org/downloads/windows/Suricata-6.0.3-windivert-1-64bit.msi
and launched with
cd c:\Suricata
suricata.exe -c suricata.yaml -l c:\suricata\log --windivert tcp -k none -vvv
And after a little time, it fails with this error message:
19/1/2022 – 15:43:02 - - [ERRCODE: SC_ERR_WINDIVERT_GENERIC(312)] - WinDivertOpen failed, error 87 (0x00000057): Paramètre incorrect. The WinDivert packet filter string is invalid.
19/1/2022 – 15:43:02 - - [ERRCODE: SC_ERR_FATAL(171)] - thread TX#00 failed
I tried replacing “tcp” with “udp” and it didn’t fail (maybe because there is nothing to scan??).
Any idea how to fix it?
I attached the suricata.log and the stats.log showing, I suppose, that Suricata lives a little.
Best regards,
Christophe
suricata.log (184.7 KB)
stats.log (102.5 KB)