Snort mailing list archives
Weird unified_log & barnyard
From: Tomás Heredia <tomas.heredia () activesec biz>
Date: Mon, 08 Jun 2009 12:28:38 -0300
Hi all,

I've been digging in a unified log, and I've seen that some log entries have an Ethernet header as expected by barnyard, but others start directly with the IP header, and barnyard doesn't process its IP data, throwing this error:

Unknown Network header (0x40A)...

(in this case, 0x40A matches the first two bytes of the IP header, but I also got some other values)

Has anyone seen this before?

Regards,
Tomás
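A triage check for the symptom described in the message above, as an added example that is not part of the original post or of barnyard's code: given the raw packet bytes of one log entry (extracting them from the unified log is assumed and not shown), it decides whether the data starts with an Ethernet header or directly with an IPv4 header. The function names and the sample packets are constructed for illustration.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def valid_ipv4_at(data: bytes, offset: int) -> bool:
    """True if a well-formed IPv4 header with a correct checksum starts at offset."""
    if len(data) < offset + 20:
        return False
    version, ihl = data[offset] >> 4, (data[offset] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(data) < offset + ihl:
        return False
    # A header summed together with its own correct checksum folds to zero.
    return ip_checksum(data[offset:offset + ihl]) == 0

def classify_frame(data: bytes) -> str:
    """Guess the framing of one captured packet."""
    # Ethernet II: 6-byte dst MAC, 6-byte src MAC, EtherType 0x0800 for IPv4.
    if data[12:14] == b"\x08\x00" and valid_ipv4_at(data, 14):
        return "ethernet"
    if valid_ipv4_at(data, 0):
        return "raw-ipv4"
    return "unknown"

def sample_ipv4_header() -> bytes:
    """Constructed sample: 20-byte IPv4 header, 192.0.2.1 -> 198.51.100.7, TCP."""
    fields = [0x45, 0, 40, 0x1234, 0, 64, 6, 0,
              bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

# Constructed sample records: the same IP packet with and without an Ethernet header.
IP_PACKET = sample_ipv4_header() + bytes(20)  # zeroed stand-in for a TCP header
ETH_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + IP_PACKET

if __name__ == "__main__":
    for name, pkt in (("ETH_FRAME", ETH_FRAME), ("IP_PACKET", IP_PACKET)):
        print(name, classify_frame(pkt))
```

Running this over every entry's packet data shows which records lack the link-layer header, which can then be compared against the link type the log was written with.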