Snort mailing list archives

IGMP traffic

From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Fri, 12 Apr 2002 14:54:39 -0400

From time to time I notice IGMP related info in my trace files such as:


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

04/10-09:32:27.392241 1.2.3.4 -> 224.0.0.2
IGMP TTL:1 TOS:0x0 ID:54389 IpLen:24 DgmLen:32
IP Options (1) => Opt 148: 0000 1700
........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

So I tried to create a rule that looks for IGMP, but apparently it is not
supported in Snort 1.8.4 B99.

Does anyone know if support for checking additional protocols such as IGMP,
ARP etc is on the way?


Thanks,

Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IGMP traffic Sheahan, Paul (PCLN-NW) (Apr 12)