Snort mailing list archives

barnyard2 and GRE packets


From: Eugeniu Babin <eugen.babin () gmail com>
Date: Wed, 21 Jan 2015 19:11:48 +0100

Hi All,
I have an issue with barnyard reading .u2 files which contain GRE packets.
I'm analyzing GRE traffic with SNORT. Unified is set up to generate
alert_fast into a file and in parallel alert_unified in u2 files. When a
problematic packet is found, the information in the file (output of alert_fast)
properly shows me the IP addresses (source host and destination host), but
after barnyard processes the u2 files, unfortunately I see the GRE source and
destination IPs.
Of course, unified is making a snapshot of the original packet and this is
obviously GRE.
Is it possible to set up barnyard to strip the GRE packet and make the
initial IP addresses visible?

Many thanks!
Eugene
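
The decapsulation asked about above, as an added example that is not part of the original post and is not barnyard2 code: given the raw bytes of a logged packet, it reports the outer (GRE tunnel) addresses and the inner IPv4 addresses. It assumes Ethernet framing and IPv4-in-GRE version 0; all function names and the sample frame are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47      # IP protocol number for GRE
ETH_IPV4 = 0x0800   # EtherType and GRE protocol type for IPv4

def ipv4_header(buf, off):
    """Return (src, dst, proto, payload_offset) for the IPv4 header at off."""
    if len(buf) < off + 20 or buf[off] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[off] & 0x0F) * 4
    if ihl < 20 or len(buf) < off + ihl:
        raise ValueError("bad IPv4 header length")
    src = socket.inet_ntoa(buf[off + 12:off + 16])
    dst = socket.inet_ntoa(buf[off + 16:off + 20])
    return src, dst, buf[off + 9], off + ihl

def gre_payload(buf, off):
    """Skip a version 0 GRE header; return (protocol_type, payload_offset)."""
    if len(buf) < off + 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack_from("!HH", buf, off)
    if flags & 0x4007:  # routing bit set or version != 0: layout differs
        raise ValueError("unsupported GRE header")
    # Checksum (0x8000), key (0x2000) and sequence (0x1000) add 4 bytes each.
    return ptype, off + 4 + 4 * bin(flags & 0xB000).count("1")

def addresses(frame):
    """Return outer and inner (src, dst) pairs; inner is None without IPv4-in-GRE."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
        raise ValueError("not an IPv4 Ethernet frame")
    src, dst, proto, off = ipv4_header(frame, 14)
    result = {"outer": (src, dst), "inner": None}
    if proto == GRE_PROTO:
        ptype, off = gre_payload(frame, off)
        if ptype == ETH_IPV4:
            isrc, idst, _, _ = ipv4_header(frame, off)
            result["inner"] = (isrc, idst)
    return result

def build_ipv4(src, dst, proto):
    """Constructed 20-byte IPv4 header (checksum and lengths are not meaningful)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: Ethernet + outer IPv4 + GRE with key + inner IPv4 (TCP).
SAMPLE = (bytes(12) + b"\x08\x00" + build_ipv4("192.0.2.1", "192.0.2.2", 47)
          + struct.pack("!HHI", 0x2000, 0x0800, 7)
          + build_ipv4("10.1.1.5", "10.2.2.9", 6))
```
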