[Bro] Something is not clear to me concerning reporting

Seth Hall seth at icir.org
Thu Oct 18 08:19:01 PDT 2012


On Oct 18, 2012, at 8:06 AM, ian <ian at south-border.com> wrote:

>>> P.S.  the IPv6 issue stands - still cannot quickly tell where the
>>> state of the TCP connection lies without SNORT for example….
>>
>> Have you looked in conn.log? You should be able to see information
>> for both sides of the v6 connection, and that should at least tell
>> you if you're dealing with link-local, expected v6 space on your
>> network, or something else.
> 
> I will.


If I understood you right from the earlier email, you are seeing IPv6 in your conn.log which you aren't expecting to see.  Is that right?  If it is, could you send some of these unexpected log lines containing IPv6 address space?  There are a couple of things I could imagine that are going on here which could cause that.

Thanks,

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
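
The conn.log check suggested in the quoted reply, sketched as an added example (not part of the original message and not Bro's own code): it reads the tab-separated conn.log layout and labels each side of every IPv6 connection as link-local, multicast, expected site space, or unexpected. The sample log lines, the `EXPECTED_V6` prefix and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample in Bro's tab-separated conn.log layout, trimmed to the
# fields used here; addresses are illustrative documentation values.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1350573541.0\tCaaa1\tfe80::1c2d:3eff:fe4f:5a6b\t546\tff02::1:2\t547\tudp",
    "1350573542.0\tCaaa2\t2001:db8:10::25\t51234\t2001:db8:10::53\t53\tudp",
    "1350573543.0\tCaaa3\t2002:c000:204::1\t40000\t2001:db8:10::80\t80\ttcp",
    "1350573544.0\tCaaa4\t192.0.2.10\t40001\t192.0.2.20\t22\ttcp",
])

# Assumption: the IPv6 space the site actually uses; replace with real prefixes.
EXPECTED_V6 = [ipaddress.ip_network("2001:db8:10::/48")]


def classify(addr):
    """Label one endpoint address from id.orig_h or id.resp_h."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return "ipv4"
    if ip.is_link_local:        # fe80::/10
        return "link-local"
    if ip.is_multicast:         # ff00::/8
        return "multicast"
    if any(ip in net for net in EXPECTED_V6):
        return "expected"
    return "unexpected"         # e.g. tunnelled or foreign v6 space


def triage(log_text):
    """Return (uid, orig_class, resp_class) for every IPv6 connection."""
    fields, results = [], []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]   # column names follow the tag
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            orig = classify(rec["id.orig_h"])
            resp = classify(rec["id.resp_h"])
            if orig != "ipv4" or resp != "ipv4":
                results.append((rec["uid"], orig, resp))
    return results


if __name__ == "__main__":
    for uid, orig, resp in triage(SAMPLE_CONN_LOG):
        print(f"{uid}\torig={orig}\tresp={resp}")
```

Rows labelled `unexpected` on either side are the ones worth sending along when asked for unexpected log lines.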




