[Snort-users] Linktype 113 not decoded
roesch at ...1935...
Fri Feb 25 10:54:19 EST 2005
Looks like you're using cooked sockets (Linux SLL) to acquire the data
and Barnyard doesn't know how to process them. You'd have to add a
layer 2 decoder for Linux SLL traffic before Barnyard will recognize
On Feb 24, 2005, at 10:12 AM, BALDWIN, BILL (SBCSI) wrote:
> I'm running into an issue I hope someone can help with.
> RedHat ES 3 update 3 SMP (2.4.21-20.Elsmp)
> The system is running 2 GigE fibre cards that are spanning 2 routers
> with no ip address and snort starts with -i any. The problem is the
> alerts have no ip/udp header information. Looking at Barnyard's
> I'm getting "Linktype 113 not decoded. Raw packet dumped" instead of
> the packet header. If I run tcpdump or ethereal on any of the
> interfaces, I am able to get all header info.
> Any help would be greatly appreciated.
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
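
The layer 2 decoding step the reply refers to, as an added example that is not part of the original message and is not Barnyard or Snort code: libpcap linktype 113 is DLT_LINUX_SLL, the 16-byte "cooked" pseudo-header that replaces the Ethernet header when capturing on the `any` device. The struct, function and sample packet names below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DLT_LINUX_SLL 113    /* libpcap linktype for Linux cooked captures */
#define SLL_HDR_LEN   16     /* fixed-size pseudo-header that replaces Ethernet */
#define ETHERTYPE_IP  0x0800

/* Hypothetical result type for this example; not a Barnyard structure. */
struct sll_ipv4 {
    uint16_t pkt_type;       /* 0 to us, 1 broadcast, 2 multicast, 3 other host, 4 sent by us */
    uint16_t arphrd;         /* ARPHRD_ value of the real interface, 1 = Ethernet */
    uint8_t  ip_proto;       /* 6 TCP, 17 UDP, ... */
    uint32_t src, dst;       /* IPv4 addresses, host byte order */
    size_t   l4_off;         /* offset of the transport header in the buffer */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns 0 on success, -1 for a wrong linktype, truncation or non-IPv4 payload. */
int decode_sll_ipv4(int linktype, const uint8_t *pkt, size_t caplen, struct sll_ipv4 *out)
{
    if (linktype != DLT_LINUX_SLL || !pkt || !out || caplen < SLL_HDR_LEN + 20)
        return -1;
    out->pkt_type = be16(pkt);           /* bytes 0-1: packet type */
    out->arphrd   = be16(pkt + 2);       /* bytes 2-3: ARPHRD type; 4-5 addr length; 6-13 address */
    if (be16(pkt + 14) != ETHERTYPE_IP)  /* bytes 14-15: protocol (EtherType) */
        return -1;
    const uint8_t *ip = pkt + SLL_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* IPv4 header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || SLL_HDR_LEN + ihl > caplen)
        return -1;
    out->ip_proto = ip[9];
    out->src = be32(ip + 12);
    out->dst = be32(ip + 16);
    out->l4_off = SLL_HDR_LEN + ihl;
    return 0;
}

/* Constructed sample: SLL header + IPv4/UDP 192.0.2.1 -> 192.0.2.2 (checksums zeroed). */
static const uint8_t sample_pkt[] = {
    0x00,0x00, 0x00,0x01, 0x00,0x06, 0x00,0x11,0x22,0x33,0x44,0x55,0x00,0x00, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02, 0x04,0x00,0x00,0x35, 0x00,0x08,0x00,0x00 };

int main(void)
{
    struct sll_ipv4 r;
    if (decode_sll_ipv4(DLT_LINUX_SLL, sample_pkt, sizeof sample_pkt, &r) != 0) return 1;
    printf("proto=%u src=%08x dst=%08x l4_off=%zu\n", r.ip_proto, (unsigned)r.src, (unsigned)r.dst, r.l4_off);
    return 0;
}
```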