Snort mailing list archives

Re: field of icmpv6 (Router Advertisement message)

From: Guise McAllaster <guise.mcallaster () gmail com>
Date: Mon, 30 Nov 2009 15:31:22 +0000

I have had some troubles in the past with snort and IPv6.  I am not sure
that snort is fully IPv6 implemented.  Maybe some but not all RFC compliant.

Guise

On Sun, Nov 29, 2009 at 4:25 PM, Joel Esler <jesler () sourcefire com> wrote:

You might want to look into the "ip_proto" keyword.

J

On Sun, Nov 29, 2009 at 4:23 AM, sofia insat <sofia.insat () yahoo fr> wrote:

Hi everyone,

I want to know how can I detect options field of Router Advertisement (for impv6)
I want to detect options like: Source link-layer address, Prefix Information, Mtu

this is the Router Advertisement Message Format <http://www.networksorcery.com/enp/rfc/rfc2461.txt> :


    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |     Code      |          Checksum             |

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Cur Hop Limit |M|O|  Reserved |       Router Lifetime         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     |                         Reachable Time                        |


 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          Retrans Timer                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     |   Options ...
     +-+-+-+-+-+-+-+-+-+-+-+-

do you have any ideas?
thanks




------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008
30-Day
trial. Simplify your report design, integration and deployment - and focus
on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


--
Joel Esler | 302-223-5974 | Gtalk: jesler () sourcefire com


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus
on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

field of icmpv6 (Router Advertisement message) sofia insat (Nov 29)
- Re: field of icmpv6 (Router Advertisement message) Joel Esler (Nov 29)
  - Re: field of icmpv6 (Router Advertisement message) Guise McAllaster (Nov 30)
    - Re: field of icmpv6 (Router Advertisement message) Nigel Houghton (Nov 30)
    - Re: field of icmpv6 (Router Advertisement message) Guise McAllaster (Nov 30)
    - Re: field of icmpv6 (Router Advertisement message) Matt Olney (Nov 30)
    - Re: field of icmpv6 (Router Advertisement message) Guise McAllaster (Nov 30)
- <Possible follow-ups>
- field of icmpv6 (Router Advertisement message) sofia insat (Nov 29)