[Bro] unknown data link type 0xc

Martin Petraschek petraschek at ftw.at
Tue Jul 12 00:33:40 PDT 2005


On Mon, 11 Jul 2005 17:11:52 -0700, Christian Kreibich wrote:

>> When I execute bro on a sample pcap file, I get the following error:
>> 
>> bro: problem with trace file /data/syndata/trace.cap - unknown data link type 0xc
>> 
>> What does that mean? The pcap file is OK and can be read with tcpdump -r
>
>What Bro version are you using? 0x0C is the code for raw packet
>captures, starting directly with IP headers. Bro has supported these for
>a while now but I remember DLT_RAW being added to the codebase. Try a
>newer version?
>
>Cheers,
>Christian.

I upgraded from the latest stable release (0.8a88) to the latest developer release (0.9a9), 
and now it works! Thanks for the hint!

Martin
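
An added example, not part of the original messages and not Bro code: a small Python check that reads the link type from a classic pcap file's global header, which is the value the error message in this thread reports as 0xc. The names `inspect_pcap` and `make_sample` are hypothetical, the sample capture is constructed, and the value 101 (libpcap's LINKTYPE_RAW) is included as an assumption beyond what the thread mentions.

```python
import struct
import sys

# Classic pcap magic bytes -> struct byte-order prefix (microsecond and nanosecond variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}
# Small lookup table; 12 is the value from the thread, 101 is libpcap's LINKTYPE_RAW.
LINK_TYPES = {0: "NULL (BSD loopback)", 1: "EN10MB (Ethernet)",
              12: "RAW (raw IP)", 101: "RAW (raw IP)", 113: "LINUX_SLL"}
RAW_IP = {12, 101}


def inspect_pcap(data: bytes) -> dict:
    """Parse the 24-byte global header and sanity-check the first packet."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (short read or bad magic)")
    order = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    link = network & 0xFFFF  # link type is the low 16 bits of the last field
    info = {"version": f"{major}.{minor}", "snaplen": snaplen,
            "link_type": link,
            "name": LINK_TYPES.get(link, "not in this table"),
            "first_ip_version": None}
    # With a raw-IP link type there is no layer-2 header, so the first byte
    # of the first packet (offset 24 + 16) must carry IP version 4 or 6.
    if link in RAW_IP and len(data) > 40:
        incl_len = struct.unpack(order + "I", data[32:36])[0]
        if incl_len:
            info["first_ip_version"] = data[40] >> 4
    return info


def make_sample(link_type: int) -> bytes:
    """Constructed capture: global header plus one zeroed 20-byte IPv4 header."""
    ip = bytes([0x45]) + bytes(19)
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type)
            + struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip)


if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read(64) if len(sys.argv) > 1 else make_sample(0xC)
    print(inspect_pcap(raw))
```

Run with a capture path as the only argument to see which link type a tool will be asked to decode; with no argument it prints the result for the constructed sample.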




