Snort mailing list archives

Re: Snort v2.9.14.0 Issues - (snort_decoder) WARNING: Not IPv4 datagram


From: Роман Голубенко via Snort-users <snort-users () lists snort org>
Date: Thu, 25 Jul 2019 18:32:39 +0300

Thu, 25 Jul 2019, 18:24 Al Lewis (allewi) via Snort-users <
snort-users () lists snort org>:

Does someone have a conf and pcap that they can share to reproduce the
issue?



*Albert Lewis*

ENGINEER.SOFTWARE ENGINEERING

Cisco Systems Inc.

Email: allewi () cisco com







*From: *Snort-users <snort-users-bounces () lists snort org> on behalf of
Ron Jenkins via Snort-users <Snort-users () lists snort org>
*Reply-To: *Ron Jenkins <ron.jenkins () rmjconsulting net>
*Date: *Wednesday, July 24, 2019 at 10:44 PM
*To: *Michael Steele <michaels () winsnort com>
*Cc: *"Snort-users () lists snort org" <Snort-users () lists snort org>
*Subject: *Re: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder)
WARNING: Not IPv4 datagram



Yep... Definitely something not right with v2.9.14.

Ron Jenkins (Owner / Senior Architect)

RMJ Consulting "Supporting Companies with their Technology needs"


------------------------------

*From:* Michael Steele <michaels () winsnort com>
*Sent:* Wednesday, July 24, 2019 9:24:31 PM
*To:* Ron Jenkins <ron.jenkins () rmjconsulting net>
*Cc:* Snort-users () lists snort org <Snort-users () lists snort org>
*Subject:* RE: [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder)
WARNING: Not IPv4 datagram



I am getting this on all my Windows boxes for v2.9.13



Reverting back is now back to normal…



Testing the snort.conf is good.



Snort -v -i1



The below is all the traffic Snort is seeing…



WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: IP dgm len > captured len

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: IP dgm len > captured len

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: IP dgm len > captured len

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram

WARNING: No preprocessors configured for policy 0.

(snort_decoder) WARNING: Not IPv4 datagram



WINSNORT.com Management Team Member

--

********************************************************

*     Since 2002 ~~ Visit http://www.winsnort.com

*      ~~ FREE Windows installation Tutorials ~~

*              ~~ FREE Support Forums ~~

* Snort: Open Source Network IDS - http://www.snort.org

********************************************************



*From:* Snort-users <snort-users-bounces () lists snort org> *On Behalf Of *Ron
Jenkins via Snort-users
*Sent:* Tuesday, July 23, 2019 11:28 AM
*To:* 'snort-users () lists snort org' <snort-users () lists snort org>
*Subject:* [Snort-users] Snort v2.9.14.0 Issues - (snort_decoder)
WARNING: Not IPv4 datagram
*Importance:* High



Good morning;



Is anyone experiencing issues with the latest version dropping all IP4
packets, stating: *(snort_decoder) WARNING: Not IPv4 datagram*?



Worked perfectly when v2.9.13 was running on the same computer.





Thank you!



Ron Jenkins (Owner / Senior Architect)

*RMJ Consulting, LLC. *" *Supporting Companies with their Technology
needs*"

11715 Bricksome Ave STE B-7

Baton Rouge, LA 70816

*Direct*. 225-448-5214 Ext #101

*Cell.* 225-931-1632

*Web.* http://www.rmjconsulting.net

*Log Siphon*. http://www.logsiphon.com

*Linkedin.* www.linkedin.com/in/ronmjenkins/

*Twitter:* www.twitter.com/RMJConsulting

*Facebook: *www.facebook.com/rmjcsconsulting

*RMJ Consulting’s Technology Corner.*
https://www.rmjconsulting.net/main/paper.php



PRIVILEGED & CONFIDENTIAL COMMUNICATION:
The information contained in this transmission may be privileged,
confidential, and exempt from disclosure under applicable law. It is
intended only for the use of the intended recipient. If you are not the
intended recipient, you are hereby on notice that any unauthorized
disclosure, dissemination, distribution, duplication, or taking any action
in reliance on the contents of the electronically transmitted materials or
contents of this communication is strictly prohibited. If you have received
this communication in error, please contact the sender by reply e-mail and
destroy all copies of the original message.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette
