Snort mailing list archives
Re: Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode
From: Jutichai Thongkrachai <thsecmaniac () gmail com>
Date: Thu, 21 Aug 2014 16:08:30 +0700
To Waldo kitty,

After running "./configure --enable-non-ether-decoders --enable-sourcefire", do I need to run "make; make install" again?

2014-08-21 2:36 GMT+07:00 <snort-users-request () lists sourceforge net>:
Today's Topics:

1. Re: darpa dataset problem(zero alert) (waldo kitty)
2. Re: Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode (Jutichai Thongkrachai)
3. Re: Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode (waldo kitty)
4. Snort does not capture with PF_RINF DNA (Ivan Petrov)
5. Suse Linux Enterprise Server 11 (Daniel Gonnsen)

---------- Forwarded message ----------
From: waldo kitty <wkitty42 () windstream net>
To: snort-users () lists sourceforge net
Cc:
Date: Tue, 19 Aug 2014 19:54:26 -0400
Subject: Re: [Snort-users] darpa dataset problem(zero alert)

On 8/19/2014 6:29 PM, Joel Esler (jesler) wrote:

That is from the ruleset that is available at www.snort.org/downloads

and just to expand on joel's reply, GID:1 are snort's textual rules... the shared object rules are GID:3... gen-msg.map will tell you the others... including those generated by internal snort modules...

--
NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.

---------- Forwarded message ----------
From: Jutichai Thongkrachai <thsecmaniac () gmail com>
To: snort-users () lists sourceforge net
Cc:
Date: Wed, 20 Aug 2014 11:25:42 +0700
Subject: Re: [Snort-users] Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode

To Waldo kitty

./configure --enable-sourcefire

---------- Forwarded message ----------
From: waldo kitty <wkitty42 () windstream net>
To: snort-users () lists sourceforge net
Cc:
Date: Tue, 19 Aug 2014 13:40:52 -0400
Subject: Re: [Snort-users] Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode

On 8/19/2014 12:29 AM, Jutichai Thongkrachai wrote:

To Waldo kitty
I install from .tar.gz (source not binary)

what are your snort build options??

--
NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.

---------- Forwarded message ----------
From: waldo kitty <wkitty42 () windstream net>
To: snort-users () lists sourceforge net
Cc:
Date: Wed, 20 Aug 2014 01:53:38 -0400
Subject: Re: [Snort-users] Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode

On 8/20/2014 12:25 AM, Jutichai Thongkrachai wrote:

To Waldo kitty
./configure --enable-sourcefire

http://seclists.org/snort/2013/q4/543

---------- Forwarded message ----------
From: waldo kitty <wkitty42 () windstream net>
To: snort-users () lists sourceforge net
Cc:
Date: Tue, 19 Aug 2014 13:40:52 -0400
Subject: Re: [Snort-users] Got the "ERROR: Cannot decode data link type 239" message when turn on sniffer mode

On 8/19/2014 12:29 AM, Jutichai Thongkrachai wrote:

To Waldo kitty
I install from .tar.gz (source not binary)

what are your snort build options??

--
NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.

---------- Forwarded message ----------
From: Ivan Petrov <ipetrov80 () yahoo com>
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Cc:
Date: Wed, 20 Aug 2014 06:46:24 -0700
Subject: [Snort-users] Snort does not capture with PF_RINF DNA

Hi,

I'm trying to run Snort with Pf_ring DNA driver. But I'm stuck with a problem.

sudo /usr/sbin/snort --daq-dir=/usr/local/lib/daq --daq-list
/usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so: undefined symbol: numa_parse_nodestring
Available DAQ modules:
pcap(v3): readback live multi unpriv
afpacket(v5): live inline multi unpriv
ipfw(v3): live inline multi unpriv
dump(v2): readback live inline multi unpriv

libpfring is not in the daq list. Any ideas?

Starting snort: /usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so: undefined symbol: numa_parse_nodestring
My daemon child 20303 lives...
Daemon parent exiting (0)
[ OK ]

Snort 2.9.6.2
Daq 2.0.2
PF_RING 6.0.1
DNA driver e1000e

Regards,
Ivan

---------- Forwarded message ----------
From: "Daniel Gonnsen" <DGonnsen () sao5 org>
To: <snort-users () lists sourceforge net>
Cc:
Date: Wed, 20 Aug 2014 15:17:49 -0400
Subject: [Snort-users] Suse Linux Enterprise Server 11

Which binary file would I download to use on Suse Linux Enterprise Server 11? Are there any specific instructions for the installation? I found something for Open Suse versions but nothing for SLES.

Thanks

Under Florida law, email addresses are public records. If you do not want your email address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users