Barnyard2 – Unknown record type read: 110
After my post about the “Unknown record type 104″ problem in Barnyard2, I received several e-mails recently about a new error that started popping up:
ERROR: Unknown record type read: 110
I had not seen this one myself, but did some quick investigating and found out that it is a new record type in Snort 2.9.0
This new record type is called “Unified2_Extra_Data” and is used for gzip and XFF data.
Barnyard2 will need to be adapted to recognize these new types and this will hopefully happen soon…