[Snort-users] barnyard2 and GRE packets
eugen.babin at ...11827...
Wed Jan 21 13:11:48 EST 2015
I have an issue with barnyard reading .u2 files which contain GRE packets.
I'm analyzing GRE traffic with SNORT. Unified is set up to generate
alert_fast into a file and, in parallel, alert_unified in u2 files. When a
problematic packet is found, the information in the file (output of alert_fast)
properly shows me the IP addresses (source host and destination host), but
after barnyard processes the u2 files, unfortunately I see GRE source and
Of course unified is making a snapshot of the original packet and this is
Is it possible to set up barnyard to strip the GRE packet and make the
initial IP addresses visible?