Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort3: ERROR: Unable to find a Codec with data link type 228

From: Marcin Dulak <marcin.dulak () gmail com>
Date: Tue, 21 Feb 2017 05:13:36 +0100
Hi,

snort3:
https://github.com/snortadmin/snort3/commit/a9f9bd38ced24da8196746074ef60a73d3bf0438

Installed on CentOS7 with:

# cat /etc/yum.repos.d/copr-marcindulak-snort.repo
[copr-marcindulak-snort]
name=copr-marcindulak-snort
baseurl=https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/epel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/pubkey.gpg

# yum -y install snort++ --enablerepo=copr-marcindulak-snort

# SNORT_LUA_PATH=/etc/snort LUA_PATH=/usr/include/snort/lua/?.lua
snort --daq-dir /usr/lib64/daq --daq nfq -l /var/log/snort -c
/etc/snort/snort.lua
--------------------------------------------------
o")~   Snort++ 3.0.0-a4-226
--------------------------------------------------
Loading /etc/snort/snort.lua:
        ssh
        rpc_decode
        pop
        stream_user
        stream_tcp
        smtp
        ssl
        gtp_inspect
        stream_ip
        appid
        stream_icmp
        reputation
        stream_udp
        file_id
        back_orifice
        classifications
        port_scan
        dnp3
        ftp_data
        ftp_server
        telnet
        ftp_client
        http_inspect
        stream
        references
        arp_spoof
        sip
        wizard
        dns
        imap
        stream_file
Finished /etc/snort/snort.lua.
--------------------------------------------------
nfq DAQ configured to passive.
Commencing packet processing
++ [0]
ERROR: Unable to find a Codec with data link type 228

Marcin

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: