Project

General

Profile

Actions
Copy link

Feature #4951

open

datalink type 276 not yet supported

Added by Peter Pan over 1 year ago. Updated 12 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Peter Pan
Target version:
TBD
Effort:
Difficulty:
Label:

Description

<Error> - [ERRCODE: SC_ERR_UNIMPLEMENTED(88)] - datalink type 276 not (yet) supported in module PcapFile.

Suricata 6.0.4 not supporting datalink type 276 yet? Would it be supported in the future or any possible workaround?

Thank you.

Actions
Copy link
 #1

Updated by Victor Julien over 1 year ago

Are you able to provide a (public) pcap?

Actions
Copy link
 #2

Updated by Andreas Herz over 1 year ago

  • Tracker changed from Support to Feature
  • Status changed from New to Assigned
  • Assignee set to Peter Pan
  • Target version set to TBD
Actions
Copy link
 #3

Updated by Pablo Catalina 12 months ago

Victor Julien wrote in #note-1:

Are you able to provide a (public) pcap?

It is easy to reproduce:

On a linux (tested on Kali linux) sniff using the options -s0 -i any -w filename.pcap, tcpdump will store the data using LINKTYPE_LINUX_SLL2 (which contains the name of the network interface in the headers). More info: https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html

Actions
Copy link

Also available in: Atom PDF