[Bro] unknown data link type 0xc
Christian Kreibich
christian at whoop.org
Mon Jul 11 17:11:52 PDT 2005
Hi Martin,
On Mon, 2005-07-11 at 18:25 +0200, Martin Petraschek wrote:
> Hi!
>
> When I execute bro on a sample pcap file, I get the following error:
>
> bro: problem with trace file /data/syndata/trace.cap - unknown data link type 0xc
>
> What does that mean? The pcap file is OK and can be read with tcpdump -r
what Bro version are you using? 0x0C is the code for raw packet
captures, starting directly with IP headers. Bro has supported these for
a while now but I remember DLT_RAW being added to the codebase. Try a
newer version?
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
More information about the Bro
mailing list