vern at icir.org
Tue Jan 13 08:53:13 PST 2009
> 1. Any documentation on how to use Bro to read and analyze
> IPv6 traces?
Nothing extra is needed other than --enable-brov6.
Note though that Bro doesn't correctly deal with packets that have options
(this is a BPF/pcap limitation, rather than something specific to Bro).
> 2. I use Bro-1.4 installed from FreeBSD ports by adding
> --enable-brov6 to CONFIGURE_ARGS=
> but Bro fails to read IPv6 traces.
As usual, reports of failures work much better if you include a trace and
command-line invocation that demonstrates the problem, so we can try to
> 3. Can Bro read ip6 multicast traces?
It should be able to read them (as UDP, if that's what they are), but
doesn't do any interesting analysis on them.