Snort mailing list archives
Re: cannot decode data link type 239
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 09 Sep 2014 11:04:24 -0600
On 2014-09-09 11:01, Sharif Uddin wrote:
I have just tried and made no difference. Strace still gives me
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
ioctl(4, SIOCGIFADDR, {ifr_name="nflog", ???}) = -1 ENODEV (No such
device)
close(4) = 0
write(2, "ERROR: Cannot decode data link t"..., 40ERROR: Cannot
decode data link type 239
) = 40
write(2, "Fatal Error, Quitting..\n", 24Fatal Error, Quitting..
) = 24
close(3) = 0
exit_group(1) = ?
+++ exited with 1 +++
Got a pcap you can share? James ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- cannot decode data link type 239 Sharif Uddin (Sep 09)
- Re: cannot decode data link type 239 James Lay (Sep 09)
- Re: cannot decode data link type 239 Sharif Uddin (Sep 09)
- Re: cannot decode data link type 239 James Lay (Sep 09)
- Re: cannot decode data link type 239 Sharif Uddin (Sep 09)
- Re: cannot decode data link type 239 James Lay (Sep 09)
- Re: cannot decode data link type 239 Russ Combs (rucombs) (Sep 09)
- Re: cannot decode data link type 239 Sharif Uddin (Sep 09)
- Re: cannot decode data link type 239 James Lay (Sep 09)
- Re: cannot decode data link type 239 waldo kitty (Sep 09)