Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Weird unified_log & barnyard

From: Tomás Heredia <tomas.heredia () activesec biz>
Date: Mon, 08 Jun 2009 12:28:38 -0300
Hi all
I've been digging in an unified log, and I've seen that some log entries
have an ethernet header as axpected by barnyard, but others start
directly with the IP header, and barnyard don't process it's IP data,
throwing this error: Unknown Network header (0x40A)... (in this case,
0x40A matches the ip header first two bytes, but I also got some other
values)

Someone have seen this before?

Regards,
Tomás


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: