![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram
From: Ron Jenkins via Snort-users <snort-users () lists snort org>
Date: Wed, 24 Jul 2019 17:08:04 +0000
Ubuntu Server v18.04 is the only two servers I tested internal. These two sensors are processing low volume traffic. Note * When starting the Snort IDS process it will state Decoding Loopback then something next about data link not implemented yet at the end. When starting v2.9.13, this is not seen and it states decoding Ethernet From: Kaushal Bhandankar (kbhandan) <kbhandan () cisco com> Sent: Wednesday, July 24, 2019 11:48 AM To: Ron Jenkins <ron.jenkins () rmjconsulting net>; Al Lewis (allewi) <allewi () cisco com> Cc: snort-users () lists snort org Subject: RE: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Hi Ron, Sorry to hear about the issue you are facing. Can you let us know the OS, flavor on which you are testing this ? Do you see this behavior with only high amount of traffic or even with a single packet ? Regards, Kaushal From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> On Behalf Of Ron Jenkins via Snort-users Sent: Wednesday, July 24, 2019 7:51 PM To: Al Lewis (allewi) <allewi () cisco com<mailto:allewi () cisco com>>; 'snort-users () lists snort org' <snort-users () lists snort org<mailto:snort-users () lists snort org>> Subject: Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram I confirmed that traffic is seen on the interface via tcpdump and Snort shows all seen IP4 traffic 100% discarded. Uninstalled Snort v2.9.14 from both sensors and reinstalled v2.9.13; all works fine with v2.9.13. Thanks! From: Al Lewis (allewi) <allewi () cisco com<mailto:allewi () cisco com>> Sent: Wednesday, July 24, 2019 9:09 AM To: Ron Jenkins <ron.jenkins () rmjconsulting net<mailto:ron.jenkins () rmjconsulting net>>; 'snort-users () lists snort org' <snort-users () lists snort org<mailto:snort-users () lists snort org>> Subject: Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Have you been able to analyze the traffic and confirm its valid? Do you have a copy of the traffic you can share? Albert Lewis ENGINEER.SOFTWARE ENGINEERING Cisco Systems Inc. Email: allewi () cisco com<mailto:allewi () cisco com> From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> on behalf of Ron Jenkins via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>> Reply-To: Ron Jenkins <ron.jenkins () rmjconsulting net<mailto:ron.jenkins () rmjconsulting net>> Date: Wednesday, July 24, 2019 at 10:07 AM To: "'snort-users () lists snort org'" <snort-users () lists snort org<mailto:snort-users () lists snort org>> Subject: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Good morning; Is anyone experiencing issues with the latest version dropping all IP4 packets stating; (snort_decoder) WARNING: Not IPv4 datagram. Worked perfectly when v2.9.13 was running on the same computer. Thank you! Ron Jenkins (Owner / Senior Architect) RMJ Consulting, LLC. " Supporting Companies with their Technology needs" 11715 Bricksome Ave STE B-7 Baton Rouge, LA 70816 Direct. 225-448-5214 Ext #101 Cell. 225-931-1632 Web. http://www.rmjconsulting.net<http://www.rmjconsulting.net/> Log Siphon. http://www.logsiphon.com<http://www.logsiphon.com/> Linkedin. www.linkedin.com/in/ronmjenkins/<http://www.linkedin.com/in/ronmjenkins/> Twitter: www.twitter.com/RMJConsulting<http://www.twitter.com/RMJConsulting> Facebook: www.facebook.com/rmjcsconsulting<http://www.facebook.com/rmjcsconsulting> RMJ Consulting’s Technology Corner. https://www.rmjconsulting.net/main/paper.php PRIVILEGED & CONFIDENTIAL COMMUNICATION: The information contained in this transmission may be privileged, confidential, and exempt from disclosure under applicable law. It is intended only for the use of the intended recipient. If you are not the intended recipient, you are hereby on notice that any unauthorized disclosure, dissemination, distribution, duplication, or taking any action in reliance on the contents of the electronically transmitted materials or contents of this communication is strictly prohibited. If you have received this communication in error, please contact the sender by reply e-mail and destroy all copies of the original message. PRIVILEGED & CONFIDENTIAL COMMUNICATION: The information contained in this transmission may be privileged, confidential, and exempt from disclosure under applicable law. It is intended only for the use of the intended recipient. If you are not the intended recipient, you are hereby on notice that any unauthorized disclosure, dissemination, distribution, duplication, or taking any action in reliance on the contents of the electronically transmitted materials or contents of this communication is strictly prohibited. If you have received this communication in error, please contact the sender by reply e-mail and destroy all copies of the original message. PRIVILEGED & CONFIDENTIAL COMMUNICATION: The information contained in this transmission may be privileged, confidential, and exempt from disclosure under applicable law. It is intended only for the use of the intended recipient. If you are not the intended recipient, you are hereby on notice that any unauthorized disclosure, dissemination, distribution, duplication, or taking any action in reliance on the contents of the electronically transmitted materials or contents of this communication is strictly prohibited. If you have received this communication in error, please contact the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram, (continued)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Роман Голубенко via Snort-users (Jul 25)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Dorian ROSSE via Snort-users (Jul 25)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Ron Jenkins via Snort-users (Jul 25)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Dorian ROSSE via Snort-users (Jul 25)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Ron Jenkins via Snort-users (Jul 25)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Michael Steele (Jul 25)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Ron Jenkins via Snort-users (Jul 24)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Kaushal Bhandankar (kbhandan) via Snort-users (Jul 24)
- Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram Ron Jenkins via Snort-users (Jul 24)