[Snort-devel] Error with attempt to monitor RF Monitor port mon0 /wifi

David Saint Ruby davidsaintruby at ...2499...
Thu Sep 26 13:00:09 EDT 2013

Hello all… have a use case to monitor a wifi channel (open AP).

Am opening up a virtual RF Monitor interface with airmon-ng.


Compiled from source with   --enable-non-ether-decoders


pcap DAQ configured to passive.

The DAQ version does not support reload.

Acquiring network traffic from "mon0".

Reload thread starting...

Reload thread started, thread 0xa777db70 (15787)

ERROR: Cannot decode data link type 127

Fatal Error, Quitting..

Has anyone seen this before?  Is monitoring an interface showing the full
802.11 frames even possible?

Wireshark is fine with it.  I do not care about rules around the radio
management fields or packets.


David Saint Ruby
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130926/69747f89/attachment.html>

More information about the Snort-devel mailing list