[Snort-devel] csv_output icmp info ignored

Alan Milligan alan at ...2398...
Thu Apr 22 01:31:03 EDT 2004


I've noted a bug represented in the csv output plugin whereby none of 
the icmptype, icmpcode, icmpid, icmpseq info is getting output.  This 
is most probably because the p->icmph is NULL.

I note from other plugins such as log_tcpdump, that it does manage to 
record the ICMP info.  This plugin uses pcap_dump which doesn't exercise 
the packet header at all.

I am wondering if perhaps the icmp info is getting written into some 
part of the Packet* struct other than icmph.  I will be looking into 
this further, but hope that perhaps someone on the list can enlighten me 
as to what gives (I'm using Snort 2.1.1).

Cheers, Alan

