Snort mailing list archives
IGMP traffic
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Fri, 12 Apr 2002 14:54:39 -0400
From time to time I notice IGMP related info in my trace files such as:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
04/10-09:32:27.392241 1.2.3.4 -> 224.0.0.2
IGMP TTL:1 TOS:0x0 ID:54389 IpLen:24 DgmLen:32
IP Options (1) => Opt 148: 0000 1700 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

So I tried to create a rule that looks for IGMP, but apparently it is not supported in Snort 1.8.4 B99. Does anyone know if support for checking additional protocols such as IGMP, ARP etc is on the way?

Thanks,

Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com
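Added example, not part of the original post and not Snort code: a Python sketch that pulls IGMP records out of a trace file in the format quoted above, so the traffic can be reviewed even when no rule matches it. The function names and the second (TCP) record are constructed for illustration; the label for option 148 comes from RFC 2113.

```python
import re

# Constructed input: the record from the post plus one made-up TCP record.
SAMPLE = """\
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
04/10-09:32:27.392241 1.2.3.4 -> 224.0.0.2
IGMP TTL:1 TOS:0x0 ID:54389 IpLen:24 DgmLen:32
IP Options (1) => Opt 148: 0000 1700 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
04/10-09:32:28.100000 10.0.0.5:1025 -> 10.0.0.9:80
TCP TTL:64 TOS:0x0 ID:100 IpLen:20 DgmLen:40
"""

ADDR = re.compile(r"(\d\d/\d\d-[\d:.]+) ([\d.]+)(?::\d+)? -> ([\d.]+)(?::\d+)?")
HDR = re.compile(r"(\w+) TTL:(\d+) TOS:0x[0-9A-Fa-f]+ "
                 r"ID:(\d+) IpLen:(\d+) DgmLen:(\d+)")
OPT = re.compile(r"Opt (\d+):")
# IP option type 148 (0x94) is Router Alert, defined in RFC 2113.
IP_OPTION_NAMES = {148: "Router Alert (RFC 2113)"}


def parse_records(text):
    """Split a trace on the =+=+ separators and decode each IP header line.

    Patterns are searched, not line-anchored, so a record that has been
    flattened onto a single line parses the same way.
    """
    records = []
    for chunk in re.split(r"(?:=\+){10,}", text):
        addr, hdr = ADDR.search(chunk), HDR.search(chunk)
        if not (addr and hdr):
            continue  # separator residue or an unrecognised record
        ip_len, dgm_len = int(hdr[4]), int(hdr[5])
        records.append({
            "time": addr[1], "src": addr[2], "dst": addr[3],
            "proto": hdr[1], "ttl": int(hdr[2]),
            "opt_bytes": ip_len - 20,           # header bytes past the fixed 20
            "payload_bytes": dgm_len - ip_len,  # bytes after the IP header
            "options": [IP_OPTION_NAMES.get(int(n), f"option {n}")
                        for n in OPT.findall(chunk)],
        })
    return records


def igmp_records(text):
    """Return only the records whose protocol label is IGMP."""
    return [r for r in parse_records(text) if r["proto"] == "IGMP"]
```
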