[Snort-devel] csv_output icmp info ignored
alan at ...2398...
Thu Apr 22 01:31:03 EDT 2004
I've noted a bug represented in the csv output plugin whereby none of
the icmptype, icmppcode, icmpid, icmpseq info is getting output. This
is most probably because the p->icmph is NULL.
I note from other plugins such as log_tcpdump, that it does manage to
record the ICMP info. This plugin uses pcap_dump which doesn't exercise
the packet header at all.
I am wondering if perhaps the icmp info is getting written into some
part of the Packet* struct other than icmph. I will be looking into
this further, but hope that perhaps someone on the list can enlighten me
as to what gives (I'm using snort 2.1.1)
More information about the Snort-devel