Snort mailing list archives
Re: Snorting a Kismet tun/tap interface: Cannot decode data link type 105
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 9 Jul 2013 06:34:26 -0600
On Jul 9, 2013, at 5:40 AM, Hayden Stainsby <hds () titanemail com> wrote:
I am trying to snort (amongst other interfaces) a Kismet tun/tap interface, and am receiving this error:

ERROR: Cannot decode data link type 105

When I went through the snort code, it looked as if 105 refers to DLT_IEEE802_11, which makes sense given that I'm reading wireless data out of kismet.

I've recently upgraded to Ubuntu 12.04 LTS, which is when I started getting this error. I have tried with both the install that I had of Snort 2.9.1, which was working before the upgrade, and also a new install of Snort 2.9.5. Both produce the same error, but only for the kistap1 device that Kismet creates; I am also using snort on eth0 and wlan0 with no problems. Right now I'm running it as root to test, so I don't think it's a permission issue.

I've included the output running snort with no configuration file and with the default configuration file below (the second one is quite long, sorry about that).

Any help or pointers would be most appreciated.

Thanks in advance,
Hayden
Compile with the addition of: --enable-non-ether-decoders

James
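To check which link type a capture carries before pointing Snort at it, the sketch below reads the link-type field from a classic pcap file header. It is an added example, not part of the thread or of Snort; the function names and the sample headers are constructed for illustration, and only the 105 = DLT_IEEE802_11 mapping and the configure flag come from the messages above.

```python
import struct
import sys

# Link-type numbers from the pcap file format; 105 is the value in the
# Snort error quoted in this thread (DLT_IEEE802_11).
DLT_NAMES = {
    1: "DLT_EN10MB (Ethernet)",
    105: "DLT_IEEE802_11 (raw 802.11)",
    113: "DLT_LINUX_SLL (Linux cooked)",
    127: "DLT_IEEE802_11_RADIO (radiotap + 802.11)",
}

# pcap magic numbers as they appear on disk -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def pcap_linktype(header: bytes) -> int:
    """Return the link type stored in a classic pcap global header."""
    if len(header) < 24:
        raise ValueError("pcap global header is 24 bytes; got %d" % len(header))
    order = MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    # After the magic: version major/minor, thiszone, sigfigs, snaplen, network
    fields = struct.unpack(order + "HHiIII", header[4:24])
    # Upper bits can carry extra flags in some files; compare the low 16 only.
    return fields[5] & 0xFFFF

def describe(header: bytes) -> str:
    lt = pcap_linktype(header)
    name = DLT_NAMES.get(lt, "not in this script's table")
    if lt == 105:
        return f"link type {lt}: {name}; build Snort with --enable-non-ether-decoders"
    return f"link type {lt}: {name}"

# Constructed sample headers (not captured data): version 2.4, snaplen 65535
SAMPLE_WIFI = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
SAMPLE_ETH_BE = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(describe(f.read(24)))
    else:
        print(describe(SAMPLE_WIFI))
        print(describe(SAMPLE_ETH_BE))
```

Run it with the path to a capture written from the interface in question (for example one saved with `tcpdump -i kistap1 -c 1 -w sample.pcap`); with no argument it prints the result for the two constructed headers.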