Snort mailing list archives
Re: mpls
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 15 Jun 2007 07:30:46 -0400
I need to sniff a link that uses mpls headers. Does any one have some advice for doing this successfully?
From http://www.snort.org/users/roesch/Site/Snort%203.0.html
"...most specifically the new protocol decoders that have been added for Snort 3.0 including IPv6, MPLS, GRE and 802.1q as well as the new TCP and IP option decoders." I'd say Snort 3.0 is your best bet. Otherwise you're in uncharted waters, I think. If you had to use 2.6.x right now, you might be able to use something like mpls-linux and bridging and then have Snort attach to the Ethernet bridge interface. I have no idea if that would actually work, though. PaulM ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Sensor overload - Too much traffic for Snort box?, (continued)
- Re: Sensor overload - Too much traffic for Snort box? Benjamin Small (Jun 08)
- Re: Sensor overload - Too much traffic for Snort box? Fábio a.k.a Fósforo (Jun 08)
- Re: Sensor overload - Too much traffic for Snort box? Ray H. (Jun 08)
- Re: Sensor overload - Too much traffic for Snort box? Matthew Watchinski (Jun 09)
- Re: Sensor overload - Too much traffic for Snort box? Ray H. (Jun 11)
- Re: Sensor overload - Too much traffic for Snort box? Matthew Watchinski (Jun 11)
- Re: Sensor overload - Too much traffic for Snort box? Ray H. (Jun 13)
- Re: Sensor overload - Too much traffic for Snort box? Nigel Houghton (Jun 14)
- Re: Sensor overload - Too much traffic for Snort box? Matthew Watchinski (Jun 14)
- mpls ty (Jun 14)
- Re: mpls Paul Melson (Jun 15)
- Re: mpls Martin Roesch (Jun 15)
- Re: mpls Matthew Watchinski (Jun 15)
- Re: Snort memory swap usage Marc Norton (Jun 13)