[Snort-users] snort3: ERROR: Unable to find a Codec with data link type 228

Russ rucombs at ...589...
Tue Feb 21 07:13:41 EST 2017


228 is raw IP4 provided by cd_raw4 in the extras.

You will need to add --plugin-path to point to your 
install/lib/snort_extra/.

On 2/20/17 11:13 PM, Marcin Dulak wrote:
> Hi,
>
> snort3: 
> https://github.com/snortadmin/snort3/commit/a9f9bd38ced24da8196746074ef60a73d3bf0438
>
> Installed on CentOS7 with:
>
> # cat /etc/yum.repos.d/copr-marcindulak-snort.repo
> [copr-marcindulak-snort]
> name=copr-marcindulak-snort
> baseurl=
> https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/epel-$releasever-$basearch
> enabled=0
> gpgcheck=1
> gpgkey=
> https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/pubkey.gpg
>
> # yum -y install snort++ --enablerepo=copr-marcindulak-snort
>
> # SNORT_LUA_PATH=/etc/snort LUA_PATH=/usr/include/snort/lua/?.lua snort --daq-dir /usr/lib64/daq --daq nfq -l /var/log/snort -c /etc/snort/snort.lua
> --------------------------------------------------
> o")~   Snort++ 3.0.0-a4-226
> --------------------------------------------------
> Loading /etc/snort/snort.lua:
> 	ssh
> 	rpc_decode
> 	pop
> 	stream_user
> 	stream_tcp
> 	smtp
> 	ssl
> 	gtp_inspect
> 	stream_ip
> 	appid
> 	stream_icmp
> 	reputation
> 	stream_udp
> 	file_id
> 	back_orifice
> 	classifications
> 	port_scan
> 	dnp3
> 	ftp_data
> 	ftp_server
> 	telnet
> 	ftp_client
> 	http_inspect
> 	stream
> 	references
> 	arp_spoof
> 	sip
> 	wizard
> 	dns
> 	imap
> 	stream_file
> Finished /etc/snort/snort.lua.
> --------------------------------------------------
> nfq DAQ configured to passive.
> Commencing packet processing
> ++ [0]
> ERROR: Unable to find a Codec with data link type 228
>
> Marcin
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170221/fbbe27c8/attachment.html>


More information about the Snort-users mailing list