[Snort-users] Data link type error

Qinwen Hu qhu009 at ...15379...
Fri Nov 11 18:31:31 EST 2011


Hi All:

I am running Snort -2.9.1.1 version, I was using my snort to read some IPv4
tracefiles last night. I got this error

Error: cannot decode data link type 197.
fatal error, Quitting..

By checking the tracefile, I find that the tracefile is not a completely IP
packet, it only contains few information, such as time, and few byte from
the data layer. no source address and destination address, so i just
wonder, if some one can tell me why I get this error.

second question, I have check my Snort configuration, I find the new snort
version using ipvar in the configure file, is that means both IPv4 and IPv6
protocol can be processed by using Snort?


Thank you very much for your time.


Regards

Steven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20111112/b4a7b54b/attachment.html>


More information about the Snort-users mailing list