[Snort-users] Linktype 113 not decoded

BALDWIN, BILL (SBCSI) wb7192 at ...5059...
Fri Feb 25 05:54:23 EST 2005

I'm running into an issue I hope someone can help with.

RedHat ES 3 update 3 SMP (2.4.21-20.Elsmp)

The system is running 2 GigE fibre cards that are spanning 2 routers
with no ip address and snort starts with -i any.  The problem is the
alerts have no ip/udp header information.  Looking at barnyards dump.log
I'm getting "Linktype 113 not decoded.  Raw packet dumped" instead of
the packet header.  If I run tcpdump or ethereal on any of the
interfaces, I am able to get all header info.

Any help would be greatly appreciated.


More information about the Snort-users mailing list