I am having an issue when trying to run suricata via the command line after a fresh install of Windows 11 and a fresh install of npcap and suricata. When I run:
suricata.exe -T -c suricata.yaml
My config comes back clean. No errors. However, when I run:
suricata.exe -c suricata.yaml -i Ethernet1
The application just starts and crashes. I get the following in the Windows Application Log:
Faulting Application Name: suricata.exe
Faulting Module Name: msvcrt.dll
I have tried the following combinations with the same error. Is there something silly I am missing? Thank you
Windows 10 v7 and v8
Windows 11 v7 and v8
Ah so that does seem to work. However, if that interface is just going to be in promiscuous mode it should not require an IP address correct? Is there a proper way to run suricata without configuring the monitoring interface with an ip stack? Thanks again.
Okay, so it looks like you have to provide the interface unique ID \Device\_NPFxxxxx and not the interface name from “ipconfig” for anyone else that might be running into this same problem.