Snort mailing list archives
Re: Error with attempt to monitor RF Monitor port mon0 /wifi
From: Edward Borgoyn <eborgoyn () sourcefire com>
Date: Mon, 30 Sep 2013 17:29:25 -0400
Hello David,
Thank you for reporting this limitation of Snort. The current Snort
implementation does NOT provide a packet decoder for the
DLT_IEEE802_11_RADIO (127) class of captured packets. There is limited
legacy support for the DLT_IEEE802_11 (105) class of packets.
Can you provide a pcap file that would allow us to recreate the
limitation? I could file a bug report for possible future implementation.
I would STRONGLY encourage you to investigate implementing the missing
packet decoder.
Best Regards,
Ed
On Thu, Sep 26, 2013 at 1:00 PM, David Saint Ruby
<davidsaintruby () gmail com>wrote:
Hello all… have a use case to monitor a wifi channel (open AP). Am opening up a virtual RF Monitor interface with airmon-ng. version 2.9.5.5. Compiled from source with --enable-non-ether-decoders Message: pcap DAQ configured to passive. The DAQ version does not support reload. Acquiring network traffic from "mon0". Reload thread starting... Reload thread started, thread 0xa777db70 (15787) ERROR: Cannot decode data link type 127 Fatal Error, Quitting.. Has anyone seen this before? Is monitoring an interface showing the full 802.11 frames even possible? Wireshark is fine with it. I do not care about rules around the radio management fields or packets. Thanks David Saint Ruby ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Error with attempt to monitor RF Monitor port mon0 /wifi David Saint Ruby (Sep 30)
- Fwd: Error with attempt to monitor RF Monitor port mon0 /wifi David Saint Ruby (Sep 30)
- Re: Error with attempt to monitor RF Monitor port mon0 /wifi Edward Borgoyn (Sep 30)