Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: display/log IPv6 traffic ?

From: Dirk Geschke <Dirk_Geschke () genua de>
Date: Fri, 14 May 2004 09:21:14 +0200
Hi Markus,


I startet snort in a IPv6 network. The summary screen, displayed at exiting
snort display the correct number of IPv6 pakets but none of them are logged
in logfiles or displayed at the console (with -v).

Is it not possible to display/log IPv6 traffic with snort ?


no, actually snort works only with IPv4, IPv6 packets are only counted
but never analyzed. Marty seems to work on an IPv6 version of snort but
the last time it was more than experimental...

You can take a look at snort/src/decode.c and search for DecodeIPV6:
---
 * Function: DecodeIPV6(u_int8_t *, u_int32_t)
 *
 * Purpose: Just like IPX, it's just for counting.
 *
 * Arguments: pkt => ptr to the packet data
 *            len => length from here to the end of the packet
 *
 * Returns: void function
 */
void DecodeIPV6(u_int8_t *pkt, u_int32_t len)
{
    DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "IPv6 is not supported.\n"););
    pc.ipv6++;
    return;
}
---

I think you now see why it does nothing than counting the packets...

Best regards

Dirk





-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: