rmkml at free.fr
Tue Jan 13 06:56:30 PST 2009
Bro v1.4.6 compiled with IPv6 works well; small example:
./bro146ipv6 -r ipv6_http.pcap -f 'ip6' bro.init mt
1186341404.189852 0.029609 2001:6f8:102d:0:2d0:9ff:fee3:e8de 2001:6f8:900:7c0::2 http 59201 80 tcp 240 2259 SF X %1
1186341404.199471 %1 start 2001:6f8:102d:0:2d0:9ff:fee3:e8de:59201 > 2001:6f8:900:7c0::2:80
1186341404.204585 %1 GET / (200 "OK"  cl-1985.ham-01.de.sixxs.net)
On Tue, 13 Jan 2009, Vern Paxson wrote:
> Date: Tue, 13 Jan 2009 08:53:13 -0800
> From: Vern Paxson <vern at icir.org>
> To: dikshie <dikshie at sfc.wide.ad.jp>
> Cc: bro at ICSI.Berkeley.EDU
> Subject: Re: [Bro] ipv6
>> 1. Any documentation on how to use Bro to read and analyze
>> ipv6 traces?
> Nothing extra is needed other than --enable-brov6.
> Note though that Bro doesn't correctly deal with packets that have options
> (this is a BPF/pcap limitation, rather than something specific to Bro).
>> 2. I use Bro-1.4 installed from FreeBSD ports, adding
>> --enable-brov6 to CONFIGURE_ARGS=
>> but Bro fails to read ipv6 traces.
> As usual, reports of failures work much better if you include a trace and
> command-line invocation that demonstrates the problem, so we can try to
> reproduce it.
>> 3. Can Bro read ip6 multicast traces?
> It should be able to read them (as UDP, if that's what they are), but
> doesn't do any interesting analysis on them.
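Added example, not part of the thread or of Bro's code: a Python sketch of the caveat about packets with options, assuming "options" refers to IPv6 extension headers. A match on the fixed header's Next Header byte alone (how the pcap-filter documentation describes `ip6 proto`, as opposed to `ip6 protochain`) does not see TCP behind a Hop-by-Hop header, while walking the header chain does. The packets and addresses are constructed.

```python
import struct

# Extension headers with a Next Header byte and a length in 8-octet units
# (RFC 8200): Hop-by-Hop (0), Routing (43), Destination Options (60).
# The walk stops at anything else, including Fragment (44).
OPTION_HEADERS = {0, 43, 60}
TCP = 6

def fixed_header_proto(pkt: bytes) -> int:
    """Next Header byte of the 40-byte fixed IPv6 header (offset 6)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    return pkt[6]

def chased_proto(pkt: bytes) -> tuple:
    """Walk the extension header chain; return (protocol, payload offset)."""
    nxt, off = fixed_header_proto(pkt), 40
    while nxt in OPTION_HEADERS:
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header")
        hdr_len = (pkt[off + 1] + 1) * 8
        if off + hdr_len > len(pkt):
            raise ValueError("extension header runs past end of packet")
        nxt, off = pkt[off], off + hdr_len
    return nxt, off

def tcp_dst_port(pkt: bytes):
    """Destination port if the chain ends in TCP, else None."""
    proto, off = chased_proto(pkt)
    if proto != TCP or off + 4 > len(pkt):
        return None
    return struct.unpack_from("!H", pkt, off + 2)[0]

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet using documentation addresses."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload

# Constructed samples: a TCP SYN to port 80, alone and behind a Hop-by-Hop
# header (Next Header = TCP, length 0, one PadN option filling 6 bytes).
TCP_SYN = struct.pack("!HHIIBBHHH", 59201, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
HOP_BY_HOP = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])
PLAIN = ipv6(TCP, TCP_SYN)
WITH_OPTIONS = ipv6(0, HOP_BY_HOP + TCP_SYN)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with options", WITH_OPTIONS)):
        print(name, fixed_header_proto(pkt), chased_proto(pkt), tcp_dst_port(pkt))
```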