Snort mailing list archives

Re: snort3: ERROR: Unable to find a Codec with data link type 228


From: Russ <rucombs () cisco com>
Date: Tue, 21 Feb 2017 07:13:41 -0500

228 is raw IP4 provided by cd_raw4 in the extras.

You will need to add --plugin-path to point to your install/lib/snort_extra/.

On 2/20/17 11:13 PM, Marcin Dulak wrote:
Hi,

snort3: https://github.com/snortadmin/snort3/commit/a9f9bd38ced24da8196746074ef60a73d3bf0438

Installed on CentOS7 with:

# cat /etc/yum.repos.d/copr-marcindulak-snort.repo
[copr-marcindulak-snort]
name=copr-marcindulak-snort
baseurl=https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/epel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/marcindulak/snort/pubkey.gpg

# yum -y install snort++ --enablerepo=copr-marcindulak-snort

# SNORT_LUA_PATH=/etc/snort LUA_PATH=/usr/include/snort/lua/?.lua snort --daq-dir /usr/lib64/daq --daq nfq -l /var/log/snort -c /etc/snort/snort.lua
--------------------------------------------------
o")~   Snort++ 3.0.0-a4-226
--------------------------------------------------
Loading /etc/snort/snort.lua:
        ssh
        rpc_decode
        pop
        stream_user
        stream_tcp
        smtp
        ssl
        gtp_inspect
        stream_ip
        appid
        stream_icmp
        reputation
        stream_udp
        file_id
        back_orifice
        classifications
        port_scan
        dnp3
        ftp_data
        ftp_server
        telnet
        ftp_client
        http_inspect
        stream
        references
        arp_spoof
        sip
        wizard
        dns
        imap
        stream_file
Finished /etc/snort/snort.lua.
--------------------------------------------------
nfq DAQ configured to passive.
Commencing packet processing
++ [0]
ERROR: Unable to find a Codec with data link type 228

Marcin




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
