[Bro-Dev] [JIRA] (BIT-1571) Connection summaries w/ IPv6 have poor readabiity
Adam Slagell (JIRA)
jira at bro-tracker.atlassian.net
Mon Apr 25 14:59:00 PDT 2016
[ https://bro-tracker.atlassian.net/browse/BIT-1571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=25806#comment-25806 ]
Adam Slagell edited comment on BIT-1571 at 4/25/16 4:58 PM:
------------------------------------------------------------
I also noticed an error.
The port column is really a port or ICMP code. The correct fix is probably to change the behavior of the python script to not count a port number for ICMP as those aren't ports. Here is an example. "port" 135 and 136 are ICMP codes in this summary.
{{
- Connections 909.0 - Payload 859.5k -
Ports | Sources | Destinations | Services | Protocols | States |
136 55.9% | fe80::201:5cff:fe63:1846#1 55.4% | ff02::fb#2 40.7% | - 59.3% | 1 57.5% | OTH 57.5% |
5353 40.7% | fe80::f299:bfff:fe00:4bd0#3 42.8% | ff02::1:ff02:7503#4 7.6% | dns 40.7% | 17 42.5% | S0 42.1% |
500 1.8% | fd1e:715a:47a1:67c5:d5f:b0cd:b68f:ac6c#5 1.7% | ff02::1:ff02:e0e3#6 6.6% | | | SF 0.3% |
135 1.7% | fd1e:715a:47a1:67c5:756e:dc63:f20d:4c92#7 0.1% | ff02::1:ff89:dce0#8 2.5% | | | |
| | fe80::201:5cff:fe63:1846#9 2.1% | | | |
| | 2001:558:6033:197:211c:1c06:2d22:5a23#10 2.0% | | | |
| | fe80::f299:bfff:fe00:4bd0#11 1.9% | | | |
| | ff02::1:ff22:157f#12 1.8% | | | |
| | fd1e:715a:47a1:67c5:51aa:889:3ca8:e4bf#13 1.8% | | | |
| | ff02::1:ff9c:2584#14 1.0% | | | | }}
was (Author: slagell):
I also noticed an error.
The port column is really a port or ICMP code. The correct fix is probably to change the behavior of the python script to not count a port number for ICMP as those aren't ports. Here is an example. "port" 135 and 136 are ICMP codes in this summary.
== fe80::/6 === 2016-04-25-08-41-20 - 2016-04-25-13-55-08
- Connections 909.0 - Payload 859.5k -
Ports | Sources | Destinations | Services | Protocols | States |
136 55.9% | fe80::201:5cff:fe63:1846#1 55.4% | ff02::fb#2 40.7% | - 59.3% | 1 57.5% | OTH 57.5% |
5353 40.7% | fe80::f299:bfff:fe00:4bd0#3 42.8% | ff02::1:ff02:7503#4 7.6% | dns 40.7% | 17 42.5% | S0 42.1% |
500 1.8% | fd1e:715a:47a1:67c5:d5f:b0cd:b68f:ac6c#5 1.7% | ff02::1:ff02:e0e3#6 6.6% | | | SF 0.3% |
135 1.7% | fd1e:715a:47a1:67c5:756e:dc63:f20d:4c92#7 0.1% | ff02::1:ff89:dce0#8 2.5% | | | |
| | fe80::201:5cff:fe63:1846#9 2.1% | | | |
| | 2001:558:6033:197:211c:1c06:2d22:5a23#10 2.0% | | | |
| | fe80::f299:bfff:fe00:4bd0#11 1.9% | | | |
| | ff02::1:ff22:157f#12 1.8% | | | |
| | fd1e:715a:47a1:67c5:51aa:889:3ca8:e4bf#13 1.8% | | | |
| | ff02::1:ff9c:2584#14 1.0% | | | |
> Connection summaries w/ IPv6 have poor readabiity
> -------------------------------------------------
>
> Key: BIT-1571
> URL: https://bro-tracker.atlassian.net/browse/BIT-1571
> Project: Bro Issue Tracker
> Issue Type: Improvement
> Components: BroControl
> Affects Versions: 2.4
> Reporter: Adam Slagell
> Assignee: Daniel Thayer
> Priority: Low
> Fix For: 2,5
>
> Attachments: [Bro] Connection summary from 15_53_27-16_00_00.txt
>
>
> The variable length of IPv6 and being mixed with IPv4 causes alignment issues with the white space in the connection summary emails.
--
This message was sent by Atlassian JIRA
(v7.2.0-OD-05-030#72002)
More information about the bro-dev
mailing list