[Snort-users] barnyard2 and GRE packets

Eugeniu Babin eugen.babin at ...11827...
Wed Jan 21 13:11:48 EST 2015


Hi All,
I have an issue with barnyard reading .u2 files which contain GRE packets.
I'm analyzing GRE traffic with SNORT. Unified is set up to generate
alert_fast into a file and, in parallel, alert_unified in u2 files. When a
problematic packet is found, the information in the file (output of alert_fast)
properly shows me the IP addresses (source host and destination host), but
after barnyard processes the u2 files, unfortunately I see the GRE source and
destination IPs.
Of course unified is making a snapshot of the original packet and this is
obviously GRE.
Is it possible to set up barnyard to strip the GRE packet and make the
initial IP addresses visible?

Many thanks!
Eugene
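
The decapsulation asked about above, as an added example that is not part of the original post and is not barnyard2 code: it walks the raw packet bytes of a logged packet through the outer IPv4 and GRE headers to the inner addresses. It assumes the logged bytes start with an Ethernet header and that the tunnel carries IPv4 over GRE version 0; the function names and the sample frame are constructed for illustration.

```python
import socket
import struct

GRE = 47            # IPv4 protocol number for GRE
ETH_IPV4 = 0x0800   # EtherType and GRE protocol type for IPv4

def _ipv4(buf, off):
    """Parse an IPv4 header at off; return (proto, src, dst, next_off) or None."""
    if len(buf) < off + 20 or buf[off] >> 4 != 4:
        return None
    ihl = (buf[off] & 0x0F) * 4
    if ihl < 20 or len(buf) < off + ihl:
        return None
    src = socket.inet_ntoa(buf[off + 12:off + 16])
    dst = socket.inet_ntoa(buf[off + 16:off + 20])
    return buf[off + 9], src, dst, off + ihl

def gre_inner_addrs(frame):
    """Return (outer_src, outer_dst, inner_src, inner_dst), or None if not IPv4-in-GRE."""
    if len(frame) < 14 or frame[12:14] != struct.pack("!H", ETH_IPV4):
        return None
    outer = _ipv4(frame, 14)
    if outer is None or outer[0] != GRE:
        return None
    off = outer[3]
    if len(frame) < off + 4:
        return None
    flags, proto = struct.unpack("!HH", frame[off:off + 4])
    # Accept only version 0 without the RFC 1701 routing field, carrying IPv4.
    if flags & 0x4007 or proto != ETH_IPV4:
        return None
    off += 4
    for bit in (0x8000, 0x2000, 0x1000):   # checksum, key, sequence: 4 bytes each
        if flags & bit:
            off += 4
    inner = _ipv4(frame, off)
    return (outer[1], outer[2], inner[1], inner[2]) if inner else None

def _hdr(src, dst, proto, payload_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample (IPv4 checksums left at 0): GRE tunnel 192.0.2.1 -> 192.0.2.2
# with a key field, carrying a packet from 10.1.1.5 to 10.2.2.9.
SAMPLE = (bytes(12) + struct.pack("!H", ETH_IPV4)
          + _hdr("192.0.2.1", "192.0.2.2", GRE, 28)
          + struct.pack("!HHI", 0x2000, ETH_IPV4, 7)
          + _hdr("10.1.1.5", "10.2.2.9", 6, 0))
```

For the sample frame, the first two values returned are the tunnel endpoints that show up after the u2 files are processed, and the last two are the host addresses that alert_fast reports.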