Re: Linktype 113 not decoded

["Paul Schmehl" <pauls () utdallas edu>]

----- Original Message ----- 
From: "Martin Roesch" <roesch () sourcefire com>
To: "BALDWIN, BILL (SBCSI)" <wb7192 () sbc com>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, March 04, 2005 10:11 PM
Subject: Re: [Snort-users] Linktype 113 not decoded


> Hi Bill,
>
> Here's a quick and dirty patch that you can apply to Barnyard that'll
> add SLL support to its decoder.  if you patch the barnyard code set
> with this and then try to reprocess your unified files it'll probably
> work.  Let me know what you find.  I don't have any SLL unified files
> to test with, so this compiles but hasn't been operationally tested...
Since I'm the FreeBSD port maintainer for barnyard, hopefully you'll be kind 
enough to answer a couple of questions.

1) Is development of barnyard ongoing?  There hasn't been any activity on 
the devel list in three months.  (If so, any anticipated release date for 
the next minor rev?)

A completely unrelated snort question as well.  Are there any plans to fold 
the patch used by sguil into the spp_portscan.c code?  (ISTM you're 
completely revamping the portscan code instead.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ 



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users