[Snort-users] Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode

Jutichai Thongkrachai thsecmaniac at ...11827...
Sat Aug 23 04:07:41 EDT 2014


To Waldo Kitty,


I found an answer already. I have to use the "-i" option too, to force snort to
use my LAN interface instead of the NFLOG interface, which is the first
interface that tcpdump uses.

I know this from running "tcpdump -D".

2014-08-23 10:56 GMT+07:00 Jutichai Thongkrachai <thsecmaniac at ...11827...>:

> I still get that error
>
> I tried to uninstall it with "make uninstall" and install again with
> "./configure  --enable-non-ether-decoders  --enable-sourcefire" but I still
> get that error
>
> I don't know if this is a usual message to get during install. I get some
> messages while running "make install":
>
> Making install in etc
> make[1]: Entering directory `/usr/local/src/snort-2.9.6.2/etc'
> make[2]: Entering directory `/usr/local/src/snort-2.9.6.2/etc'
> make[2]: Nothing to be done for `install-exec-am'.
> make[2]: Nothing to be done for `install-data-am'.
> make[2]: Leaving directory `/usr/local/src/snort-2.9.6.2/etc'
> make[1]: Leaving directory `/usr/local/src/snort-2.9.6.2/etc'
> Making install in templates
>
>
> Moreover, my CentOS uses "enp2s0" as my LAN interface
>
>
>
> From: waldo kitty <wkitty42 at ...14940...>
>> To: snort-users at lists.sourceforge.net
>> Cc:
>> Date: Thu, 21 Aug 2014 17:58:33 -0400
>>
>> Subject: Re: [Snort-users] Got the "ERROR: Cannot decode data link type
>> 239" message when turn on sniffer mode
>> On 8/21/2014 5:08 AM, Jutichai Thongkrachai wrote:
>>
>>> To Waldo kitty,
>>>
>>>
>>> After running "./configure  --enable-non-ether-decoders
>>> --enable-sourcefire",
>>> do I need to run "make ;make install" again?
>>>
>>
>> yes... maybe with "make clean" first...
>>
>> configure only configures the compile environment so that make can
>> compile everything with the proper make values...
>>
>>
>> --
>>  NOTE: No off-list assistance is given without prior approval.
>>        Please *keep mailing list traffic on the list* unless
>>        private contact is specifically requested and granted.
>>
>
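
Added example, not part of the original thread and not Snort's own code: data link type 239 is libpcap's NFLOG link type, so the error means Snort opened the nflog pseudo-device that "tcpdump -D" lists first. The script picks the first real NIC from such a listing for "snort -i"; the function names, the skip list and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the interface to pass to "snort -i" from a
# "tcpdump -D" listing, skipping pseudo-devices such as nflog.
# The skip list below is an assumption; extend it for your host.

# Reads "tcpdump -D" output on stdin and prints the first real NIC.
# Exit status is 1 when no usable interface is listed.
pick_capture_iface() {
    awk '
    {
        line = $0
        sub(/^[0-9]+\./, "", line)        # drop the "N." index
        split(line, f, /[ \t]/)           # name ends at the first blank
        name = f[1]
        if (name == "") next
        if (name ~ /^(nflog|nfqueue|any|lo)$/) next      # pseudo-devices
        if (name ~ /^(usbmon|bluetooth|dbus-)/) next     # non-network buses
        print name
        found = 1
        exit
    }
    END { if (!found) exit 1 }'
}

# Constructed sample listing with nflog first, as described in the thread.
sample_listing() {
    cat <<'EOF'
1.nflog (Linux netfilter log (NFLOG) interface)
2.nfqueue (Linux netfilter queue (NFQUEUE) interface)
3.usbmon1 (USB bus number 1)
4.enp2s0
5.any (Pseudo-device that captures on all interfaces)
6.lo
EOF
}

# Demo on the constructed sample: print the sniffer-mode command to run.
if iface=$(sample_listing | pick_capture_iface); then
    echo "snort -v -i $iface"
else
    echo "no usable capture interface found" >&2
fi
```

On a live sensor, feed it the real listing with "tcpdump -D | pick_capture_iface" and check the result before starting Snort.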