Re: Snort 2.9 for IPv6

[Russ via Snort-users <snort-users () lists snort org>]

What version of Snort and DAQ are you using?  --enable-ipv6 is kinda old 
now.  If you aren't using the latest I suggest updating.  The DAQ may 
have been updated to address this issue.

On 2/21/18 9:27 AM, oleg gv via Snort-users wrote:
> Daq can not sniff both on V4 and v6. So 2 instanses of snort is the 
> only way?
>
> 2018-02-21 17:17 GMT+03:00 oleg gv <oagvozd () gmail com 
> <mailto:oagvozd () gmail com>>:
>
>     Hello,
>     I can not see alert on the next rules
>
>     alert ip any any --> IPV6_ADDRESS any (...)
>
>     alert icmp any any --> IPV6_ADDRESS any (...)
>
>     I use ping6 to test it.
>
>     Ipv4 test works fine.
>
>     Snort is build with --enable-ipv6 and uses ip6tables NFQUEUE.
>
>     Other ipv6 tcp/udp alerts also works fine.
>
>     Is it possible to detect IPv6 addresses in ip/icmp protocol rules  ?
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette