[Snort-users] Snort 2.9.7.2 throws ERROR: Cannot decode data link type 113 while reading pcaps

Pratik Narang pratik.cse.bits at ...11827...
Wed May 20 08:11:57 EDT 2015


On Wed, May 20, 2015 at 5:41 PM, Pratik Narang
<pratik.cse.bits at ...11827...> wrote:
> ---------- Forwarded message ----------
> From: Pratik Narang <pratik.cse.bits at ...11827...>
> Date: Wed, May 20, 2015 at 5:41 PM
> Subject: Re: [Snort-users] Snort 2.9.7.2 throws ERROR: Cannot decode
> data link type 113 while reading pcaps
> To: waldo kitty <wkitty42 at ...14940...>
>
>
> Ummm... so,if I got that right, to be able to parse pcaps, I need to
> re-compile Snort?
>
> On Wed, May 20, 2015 at 5:30 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>> On 05/20/2015 07:40 AM, Pratik Narang wrote:
>>> Now, I tried to run it against .pcap files in a directory using the
>>> option --pcap-dir="/path/to/dumpfiles". Snort throws up an error:
>>> ERROR: Cannot decode data link type 113
>>> I read somewhere that "--enable-non-ether-decoders" can be used to
>>> resolve this. But I guess this option is not available for the present
>>> version of Snort.
>>
>> that's a compile time option... you have to use it when you run configure or
>> make to create your snort binary...
>>
>> --
>>   NOTE: No off-list assistance is given without prior approval.
>>         Please *keep mailing list traffic on the list* unless
>>         private contact is specifically requested and granted.
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list