[Bro] ipv6
dikshie
dikshie at sfc.wide.ad.jp
Tue Jan 13 08:51:42 PST 2009
Seth Hall wrote:
>
> On Jan 13, 2009, at 11:37 AM, dikshie wrote:
>
>> 2. I use Bro-1.4 installed from FreeBSD ports by adding
>> --enable-brov6 to CONFIGURE_ARGS=
>> but bro fails to read ipv6 traces.
>
> Make sure that you set your capture filter to include ipv6 traffic.
> It's not set to include it by default. From the command line you can do
> -f"ip and ip6" to include all ipv4 and ipv6 traffic.
I use tcpdump to capture packets.
#tcpdump -c 10000 -s 1500 -w ip6.pcap -nvvi em2 ip6
#tcpdump -s 1500 -nvv -w tcp6.pcap -r ip6.pcap tcp
#bro -r tcp6.pcap
1231818666.514747 weird: spontaneous_FIN
There are no *.log files (conn.log, etc.).
>
>> 3. Can bro read ip6 multicast traces?
>
> I don't see why it would have any trouble with multicast.
#tcpdump -w multicast.pcap -c 100000 -s 1500 -nvvi em2 ip6 multicast
#bro -r multicast.pcap
1231827825.806499 weird: bad_UDP_checksum
There are no *.log files.
With best regards,
-dikshie-