
[Snort-devel] csv_output icmp info ignored

From: Alan Milligan <alan(at)balclutha.org>
Date: Thu Apr 22 2004 - 04:30:16 EDT


People,

I've noted a bug represented in the csv output plugin whereby none of the icmptype, icmpcode, icmpid, icmpseq info is getting output. This is most probably because the p->icmph is NULL.

I note from other plugins such as log_tcpdump, that it does manage to record the ICMP info. This plugin uses pcap_dump which doesn't exercise the packet header at all.

I am wondering if perhaps the icmp info is getting written into some part of the Packet* struct other than icmph. I will be looking into this further, but hope that perhaps someone on the list can enlighten me as to what gives (I'm using snort 2.1.1).

Cheers, Alan




Received on Thu Apr 22 04:56:53 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT

