Feature #4951
open
datalink type 276 not yet supported
Added by Peter Pan over 1 year ago.
Updated 12 months ago.
Description
<Error> - [ERRCODE: SC_ERR_UNIMPLEMENTED(88)] - datalink type 276 not (yet) supported in module PcapFile.
Suricata 6.0.4 not supporting datalink type 276 yet? Would it be supported in the future or any possible workaround?
Thank you.
Are you able to provide a (public) pcap?
- Tracker changed from Support to Feature
- Status changed from New to Assigned
- Assignee set to Peter Pan
- Target version set to TBD
Victor Julien wrote in #note-1:
Are you able to provide a (public) pcap?
It is easy to reproduce:
On a linux (tested on Kali linux) sniff using the options -s0 -i any -w filename.pcap, tcpdump will store the data using LINKTYPE_LINUX_SLL2 (which contains the name of the network interface in the headers). More info: https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html
Also available in: Atom
PDF