Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram

["Michael Steele" <michaels () winsnort com>]

This is an issue with Snort.  Anyone having problems related to this
specific issue send your snort configuration and logs to the develop team.
It appears this is a bug in the software for some.

 

Below is a request from the development team. I’m not able to do this until
tomorrow.

 

Could you send me your config and the traffic you are sending ? Also send us
the capture of the traffic snort is receiving. Is this happening when you
send a single packet or only under load ?

 

WINSNORT.com Management Team Member

--

********************************************************

*     Since 2002 ~~ Visit http://www.winsnort.com

*      ~~ FREE Windows installation Tutorials ~~

*              ~~ FREE Support Forums ~~

* Snort: Open Source Network IDS - http://www.snort.org

********************************************************

 

From: Dorian ROSSE <dorianbrice () hotmail fr> 
Sent: Thursday, July 25, 2019 8:28 AM
To: Ron Jenkins <ron.jenkins () rmjconsulting net>; Michael Steele
<michaels () winsnort com>
Cc: Snort-users () lists snort org
Subject: Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING:
Not IPv4 datagram

 

Do you use It settings in your laster snort? 

Télécharger  <https://aka.ms/ghei36> Outlook pour Android

 

  _____  

From: Ron Jenkins <ron.jenkins () rmjconsulting net
<mailto:ron.jenkins () rmjconsulting net> >
Sent: Thursday, July 25, 2019 2:15:35 PM
To: Dorian ROSSE <dorianbrice () hotmail fr <mailto:dorianbrice () hotmail fr> >;
Michael Steele <michaels () winsnort com <mailto:michaels () winsnort com> >
Cc: Snort-users () lists snort org <mailto:Snort-users () lists snort org>
<Snort-users () lists snort org <mailto:Snort-users () lists snort org> >
Subject: Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING:
Not IPv4 datagram 

 

Same settings used with v2.9.13 and .13 I works fine. 

Ron Jenkins (Owner / Senior Architect)

RMJ Consulting "Supporting Companies with their Technology needs"

 

  _____  

From: Dorian ROSSE <dorianbrice () hotmail fr <mailto:dorianbrice () hotmail fr> >
Sent: Thursday, July 25, 2019 6:44:50 AM
To: Michael Steele <michaels () winsnort com <mailto:michaels () winsnort com> >;
Ron Jenkins <ron.jenkins () rmjconsulting net
<mailto:ron.jenkins () rmjconsulting net> >
Cc: Snort-users () lists snort org <mailto:Snort-users () lists snort org>
<Snort-users () lists snort org <mailto:Snort-users () lists snort org> >
Subject: Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING:
Not IPv4 datagram 

 

Have you set up the home net settings in snort conf files then or / and
attach the IP home networks to the interface networks name? 

Télécharger  <https://aka.ms/ghei36> Outlook pour Android

 

  _____  

From: Snort-users <snort-users-bounces () lists snort org
<mailto:snort-users-bounces () lists snort org> > on behalf of Michael Steele
<michaels () winsnort com <mailto:michaels () winsnort com> >
Sent: Thursday, July 25, 2019 4:24:31 AM
To: 'Ron Jenkins' <ron.jenkins () rmjconsulting net
<mailto:ron.jenkins () rmjconsulting net> >
Cc: Snort-users () lists snort org <mailto:Snort-users () lists snort org>
<Snort-users () lists snort org <mailto:Snort-users () lists snort org> >
Subject: Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING:
Not IPv4 datagram 

 

I am getting this on all my Windows boxes for v2.9.13

 

Reverting back ios now back to normal…

 

Testing the snort.conf is good.

 

Snort –v -i1

 

The below is all the traffic Snort is seeing… 

 

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: IP dgm len > captured len

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: IP dgm len > captured len

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: IP dgm len > captured len

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

 

WINSNORT.com Management Team Member

--

********************************************************

*     Since 2002 ~~ Visit http://www.winsnort.com

*      ~~ FREE Windows installation Tutorials ~~

*              ~~ FREE Support Forums ~~

* Snort: Open Source Network IDS - http://www.snort.org

********************************************************

 

From: Snort-users <snort-users-bounces () lists snort org
<mailto:snort-users-bounces () lists snort org> > On Behalf Of Ron Jenkins via
Snort-users
Sent: Tuesday, July 23, 2019 11:28 AM
To: 'snort-users () lists snort org' <snort-users () lists snort org
<mailto:snort-users () lists snort org> >
Subject: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not
IPv4 datagram
Importance: High

 

Good morning;

 

Is anyone experiencing issues with the latest version dropping all IP4
packets stating; (snort_decoder) WARNING: Not IPv4 datagram.

 

Worked perfectly when v2.9.13 was running on the same computer.

 

 

Thank you!

 

Ron Jenkins (Owner / Senior Architect) 

RMJ Consulting, LLC. " Supporting Companies with their Technology needs"

11715 Bricksome Ave STE B-7

Baton Rouge, LA 70816

Direct. 225-448-5214 Ext #101

Cell. 225-931-1632

Web.  <http://www.rmjconsulting.net/> http://www.rmjconsulting.net

Log Siphon.  <http://www.logsiphon.com/> http://www.logsiphon.com

Linkedin.  <http://www.linkedin.com/in/ronmjenkins/>
www.linkedin.com/in/ronmjenkins/

Twitter:  <http://www.twitter.com/RMJConsulting>
www.twitter.com/RMJConsulting 

Facebook:  <http://www.facebook.com/rmjcsconsulting>
www.facebook.com/rmjcsconsulting 

RMJ Consulting’s Technology Corner.
<https://www.rmjconsulting.net/main/paper.php>
https://www.rmjconsulting.net/main/paper.php

 

PRIVILEGED & CONFIDENTIAL COMMUNICATION:
The information contained in this transmission may be privileged,
confidential, and exempt from disclosure under applicable law. It is
intended only for the use of the intended recipient. If you are not the
intended recipient, you are hereby on notice that any unauthorized
disclosure, dissemination, distribution, duplication, or taking any action
in reliance on the contents of the electronically transmitted materials or
contents of this communication is strictly prohibited. If you have received
this communication in error, please contact the sender by reply e-mail and
destroy all copies of the original message. 

PRIVILEGED & CONFIDENTIAL COMMUNICATION:
The information contained in this transmission may be privileged,
confidential, and exempt from disclosure under applicable law. It is
intended only for the use of the intended recipient. If you are not the
intended recipient, you are hereby on notice that any unauthorized
disclosure, dissemination, distribution, duplication, or taking any action
in reliance on the contents of the electronically transmitted materials or
contents of this communication is strictly prohibited. If you have received
this communication in error, please contact the sender by reply e-mail and
destroy all copies of the original message. 

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette