Snort mailing list archives
Re: Snorting a Kismet tun/tap interface: Cannot decode data link type 105
From: Hayden Stainsby <hds () titanemail com>
Date: Tue, 9 Jul 2013 14:57:23 +0200
Thanks @Rmkml and James Lay, that was exactly what I was missing. I needed to add "--enable-non-ether-decoders" to the configure options before compiling, it now works perfectly. Cheers, Hayden On 9 July 2013 14:34, James Lay <jlay () slave-tothe-box net> wrote:
On Jul 9, 2013, at 5:40 AM, Hayden Stainsby <hds () titanemail com> wrote:I am trying to snort (amongst other interfaces) a Kismet tun/tap interface, and am receiving this error: ERROR: Cannot decode data link type 105 When I went through the snort code, it looked as if 105 refers to DLT_IEEE802_11, which makes sense given that I'm reading wireless data out of kismet. I've recently upgraded to Ubuntu 12.04 LTS, which is when I started getting this error. I have tried with both the install that I had of Snort 2.9.1 which was working before the upgrade and also a new install of Snort 2.9.5, both produce the same error, but only for the kistap1 device that Kismet creates, I am also using snort on eth0 and wlan0 with no problems. Right now I'm running it as root to test, so I don't think it's a permission issue. I've included the output running snort with no configuration file and with the default configuration file below (the second one is quite long, sorry about that). Any help or pointers would be most appreciated. Thanks in advance, HaydenCompile with the addition of: --enable-non-ether-decoders James ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- #!/usr/bin/perl chop($_=<>);@s=split/ /;foreach$m(@s){if($m=='*'){$z=pop@t;$x= pop@t;$a=eval"$x$m$z";push@t,$a;}else{push@t,$m;}}print"$a\n"; -- * * * ------------------------------ This email and any attachments are confidential, privileged and protected by copyright. If you are not the intended recipient, dissemination or copying of this email is prohibited. If you have received this in error, please notify the sender by replying by email and then delete the email completely from your system. * *Where the content of this email is personal or otherwise unconnected with the Company or its business, Titan Entertainment Group accepts no responsibility or liability for such content. * *Internet email may be susceptible to data corruption, interception and unauthorised amendment over which we have no control. Whilst sweeping all outgoing email for viruses, we do not accept liability for the presence of any computer viruses in this email or any losses caused as a result of viruses.* ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snorting a Kismet tun/tap interface: Cannot decode data link type 105 Hayden Stainsby (Jul 09)
- Re: Snorting a Kismet tun/tap interface: Cannot decode data link type 105 James Lay (Jul 09)
- Re: Snorting a Kismet tun/tap interface: Cannot decode data link type 105 Hayden Stainsby (Jul 09)
- Re: Snorting a Kismet tun/tap interface: Cannot decode data link type 105 rmkml (Jul 09)
- Re: Snorting a Kismet tun/tap interface: Cannot decode data link type 105 James Lay (Jul 09)