[Snort-devel] token ring problem

Fyodor fygrave at ...1...
Tue Feb 27 15:00:15 EST 2001

On Mon, Feb 26, 2001 at 10:45:45PM -0500, VOID - wrote:
> Hello,
> I have a linux box installed with Red Hat 6.2
> on i386 architecture (PIII). I have token ring
> card installed, and I have the problem that I
> get the following error message:
> --== Initializing Snort ==--
> Initializing Network Interface tr0
> ERROR: OpenPcap() device tr0 open:
> unknown physical layer type 0x320
> I've used the snort with the -v flag.
> Can I (or you) do something with this problem?

Yep. Althrough 0x320 is VERY unusual number for tokenring. I have 6 in my libpcap defined:

/usr/include/net/bpf.h:#define DLT_IEEE802      6       /* IEEE 802 Networks */

If you could share your /usr/include/net/bpf.h definition (or the whole file, preferably offlist, cuz it's probably huge), we will try to make a fix for that to test it. :) (should be trivial unless TokenRing which you see with datalink type 0x320 is different from TokenRing which we see with datalink type 6).


More information about the Snort-devel mailing list