[Bro] Capturing and analyzing IGMP packets
François Gagnon
frgag272 at ift.ulaval.ca
Sun Mar 12 19:26:33 PST 2006
Hi,
I am wondering if Bro is able to capture and analyze IGMP packets?
I tried to turn all filters off ("redef capture_filters = {};" at the end of
brolite-sigs.bro).
I built a very simple signature:
signature header3
{
    src-ip == 10.92.39.3
    event "Header 3"
}
When I run with this on a trace containing only IGMP traffic, nothing happens
even though there are plenty of packets with src-ip == 10.92.39.3 in the trace.
I tried running with the same config on a trace containing TCP, and there I get
the alarms.
Is there any way to get Bro to analyze IGMP packets?
Thanks!