[Bro] Something is not clear to me concerning reporting

Seth Hall seth at icir.org
Thu Oct 18 18:13:13 PDT 2012


On Oct 18, 2012, at 5:12 PM, Ian Dickens <ian at south-border.com> wrote:

> This was from a few days ago…
<trimming the logs>

This is link-local multicast traffic.  It's just a host or hosts on your network looking around for other hosts using a neighbor solicitation ICMP message.  This is totally unrelated to whether you "have" IPv6 or not since it's only intended for other hosts on your local network and has nothing to do with your gateway.

Anyway, moving forward, I went back and read your initial message and I think you might be a little confused about what Bro is doing and what it's intended to do.  Could you try clarifying your questions and better explain the output you are looking for?

Thanks,
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




