[Bro] Capturing and analyzing IGMP packets

Vern Paxson vern at icir.org
Fri Mar 17 23:31:37 PST 2006


> I am wondering if Bro is able to capture and analyze IGMP packets?

Bro doesn't have an IGMP analyzer.  (Contributions for this welcome!)

> I tried to turn all filters off ("redef capture_filters = {};" at the end of
> brolite-sigs.bro)
> 
> I built a very simple signature:
> 
> signature header3
> {
>   src-ip == 10.92.39.3
>   event "Header 3"
> }
> 
> When I run with this on a trace containing only IGMP traffic, nothing happens
> even though there are plenty of packets with src-ip == 10.92.39.3 in the trace.

You'll need to redef capture_filters so that it in some fashion includes
this traffic.

		Vern


