[Snort-users] snort3: ERROR: Unable to find a Codec with data link type 228

Marcin Dulak marcin.dulak at ...11827...
Mon Feb 20 23:13:36 EST 2017


Hi,

snort3:
https://github.com/snortadmin/snort3/commit/a9f9bd38ced24da8196746074ef60a73d3bf0438

Installed on CentOS7 with:

# cat /etc/yum.repos.d/copr-marcindulak-snort.repo
[copr-marcindulak-snort]
name=copr-marcindulak-snort
baseurl=https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/epel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/pubkey.gpg

# yum -y install snort++ --enablerepo=copr-marcindulak-snort

# SNORT_LUA_PATH=/etc/snort LUA_PATH=/usr/include/snort/lua/?.lua
snort --daq-dir /usr/lib64/daq --daq nfq -l /var/log/snort -c
/etc/snort/snort.lua
--------------------------------------------------
o")~   Snort++ 3.0.0-a4-226
--------------------------------------------------
Loading /etc/snort/snort.lua:
	ssh
	rpc_decode
	pop
	stream_user
	stream_tcp
	smtp
	ssl
	gtp_inspect
	stream_ip
	appid
	stream_icmp
	reputation
	stream_udp
	file_id
	back_orifice
	classifications
	port_scan
	dnp3
	ftp_data
	ftp_server
	telnet
	ftp_client
	http_inspect
	stream
	references
	arp_spoof
	sip
	wizard
	dns
	imap
	stream_file
Finished /etc/snort/snort.lua.
--------------------------------------------------
nfq DAQ configured to passive.
Commencing packet processing
++ [0]
ERROR: Unable to find a Codec with data link type 228

Marcin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170221/e533b884/attachment.html>


More information about the Snort-users mailing list