[Snort-users] Linktype 113 not decoded
BALDWIN, BILL (SBCSI)
wb7192 at ...5059...
Fri Feb 25 05:54:23 EST 2005
I'm running into an issue I hope someone can help with.
RedHat ES 3 update 3 SMP (2.4.21-20.Elsmp)
The system is running 2 GigE fibre cards that are spanning 2 routers
with no ip address and snort starts with -i any. The problem is the
alerts have no ip/udp header information. Looking at barnyards dump.log
I'm getting "Linktype 113 not decoded. Raw packet dumped" instead of
the packet header. If I run tcpdump or ethereal on any of the
interfaces, I am able to get all header info.
Any help would be greatly appreciated.
More information about the Snort-users