[Snort-users] Linktype 113 not decoded
BALDWIN, BILL (SBCSI)
wb7192 at ...5059...
Fri Feb 25 05:15:01 EST 2005
I'm running into an issue I hope someone can help with.
RedHat ES 3 update 3 SMP (2.4.21-20.Elsmp)
The system is running 2 GigE fibre cards that are spanning 2 routers
with no ip address and snort starts with -i any. The problem is the
alerts have no ip/tcp/udp header information. Looking at barnyards
dump.log I'm getting "Linktype 113 not decoded. Raw packet dumped"
instead of the packet header. If I run tcpdump or ethereal on any of
the interfaces, I am able to get all header info.
Any help would be greatly appreciated.
More information about the Snort-users