[Snort-users] Linktype 113 not decoded

Paul Schmehl pauls at ...6838...
Fri Mar 4 20:32:13 EST 2005


----- Original Message ----- 
From: "Martin Roesch" <roesch at ...1935...>
To: "BALDWIN, BILL (SBCSI)" <wb7192 at ...5059...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Friday, March 04, 2005 10:11 PM
Subject: Re: [Snort-users] Linktype 113 not decoded


> Hi Bill,
>
> Here's a quick and dirty patch that you can apply to Barnyard that'll
> add SLL support to its decoder.  If you patch the barnyard code set
> with this and then try to reprocess your unified files it'll probably
> work.  Let me know what you find.  I don't have any SLL unified files
> to test with, so this compiles but hasn't been operationally tested...
>
Since I'm the FreeBSD port maintainer for barnyard, hopefully you'll be kind 
enough to answer a couple of questions.

1) Is development of barnyard ongoing?  There hasn't been any activity on 
the devel list in three months.  (If so, any anticipated release date for 
the next minor rev?)

A completely unrelated snort question as well.  Are there any plans to fold 
the patch used by sguil into the spp_portscan.c code?  (ISTM you're 
completely revamping the portscan code instead.)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ 




