[Snort-devel] csv_output icmp info ignored

Alan Milligan alan at ...2398...
Thu Apr 22 01:31:03 EDT 2004


I've noted a bug represented in the csv output plugin whereby none of 
the icmptype, icmpcode, icmpid, icmpseq info is getting output.  This 
is most probably because the p->icmph is NULL.

I note from other plugins such as log_tcpdump, that it does manage to 
record the ICMP info.  This plugin uses pcap_dump which doesn't exercise 
the packet header at all.

I am wondering if perhaps the icmp info is getting written into some 
part of the Packet* struct other than icmph.  I will be looking into 
this further, but hope that perhaps someone on the list can enlighten me 
as to what gives (I'm using snort 2.1.1).

Cheers, Alan
