Snort mailing list archives
Re: Linktype 113 not decoded
From: "Paul Schmehl" <pauls () utdallas edu>
Date: Fri, 4 Mar 2005 22:31:46 -0600
----- Original Message ----- From: "Martin Roesch" <roesch () sourcefire com>
To: "BALDWIN, BILL (SBCSI)" <wb7192 () sbc com> Cc: <snort-users () lists sourceforge net> Sent: Friday, March 04, 2005 10:11 PM Subject: Re: [Snort-users] Linktype 113 not decoded
Since I'm the FreeBSD port maintainer for barnyard, hopefully you'll be kind enough to answer a couple of questions.Hi Bill, Here's a quick and dirty patch that you can apply to Barnyard that'll add SLL support to its decoder. if you patch the barnyard code set with this and then try to reprocess your unified files it'll probably work. Let me know what you find. I don't have any SLL unified files to test with, so this compiles but hasn't been operationally tested...
1) Is development of barnyard ongoing? There hasn't been any activity on the devel list in three months. (If so, any anticipated release date for the next minor rev?)
A completely unrelated snort question as well. Are there any plans to fold the patch used by sguil into the spp_portscan.c code? (ISTM you're completely revamping the portscan code instead.)
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Memberhttp://www.utdallas.edu/
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Linktype 113 not decoded BALDWIN, BILL (SBCSI) (Feb 25)
- <Possible follow-ups>
- Linktype 113 not decoded BALDWIN, BILL (SBCSI) (Feb 25)
- Re: Linktype 113 not decoded Martin Roesch (Feb 25)
- Re: Linktype 113 not decoded Justin Heath (Feb 26)
- Re: Linktype 113 not decoded Martin Roesch (Feb 25)
- RE: Linktype 113 not decoded BALDWIN, BILL (SBCSI) (Feb 28)
- Re: Linktype 113 not decoded Martin Roesch (Mar 03)
- RE: Linktype 113 not decoded BALDWIN, BILL (SBCSI) (Feb 28)
- Re: Linktype 113 not decoded Martin Roesch (Mar 04)
- Re: Linktype 113 not decoded Paul Schmehl (Mar 04)
- Re: Linktype 113 not decoded Martin Roesch (Mar 04)
- RE: Linktype 113 not decoded BALDWIN, BILL (SBCSI) (Mar 11)