Niels Horn's Blog

Random thoughts, tips & tricks about Slackware-Linux, Lego and Star Wars

Barnyard2 – Unknown record type read: 110

Barnyard2After my post about the “Unknown record type 104″ problem in Barnyard2, I received several e-mails recently about a new error that started popping up:

ERROR: Unknown record type read: 110

I had not seen this one myself, but did some quick investigating and found out that it is a new record type in Snort 2.9.0
This new record type is called “Unified2_Extra_Data” and is used for gzip and XFF data.

Barnyard2 will need to be adapted to recognize these new types and this will hopefully happen soon…

Bookmark and Share

This entry was posted on Thursday, November 11th, 2010 at 8:30 and is filed under Barnyard2, snort. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply



XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

It may take some time for your comment to appear, it is not necessary to submit it again.