[Snort-sigs] field of icmpv6 (Router Advertisement message)

Joel Esler jesler at ...435...
Sun Nov 29 11:25:12 EST 2009


You might want to look into the "ip_proto" keyword.

J

On Sun, Nov 29, 2009 at 4:23 AM, sofia insat <sofia.insat at ...174...> wrote:

> Hi everyone,
>
> I want to know how I can detect the options field of Router Advertisement (for icmpv6)
> I want to detect options like: Source link-layer address, Prefix Information, MTU
>
> this is the Router Advertisement Message Format <http://www.networksorcery.com/enp/rfc/rfc2461.txt> :
>
>
>       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |     Type      |     Code      |          Checksum             |
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      | Cur Hop Limit |M|O|  Reserved |       Router Lifetime         |
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |                         Reachable Time                        |
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |                          Retrans Timer                        |
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |   Options ...
>      +-+-+-+-+-+-+-+-+-+-+-+-
>
> do you have any ideas?
> thanks

-- 
Joel Esler | 302-223-5974 | Gtalk: jesler at ...435...
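
Added example (not part of either message above, and not Snort code): a Python walk of the Options area in the Router Advertisement layout quoted in the question, showing where the bytes a signature would need to match sit relative to the start of the ICMPv6 message. The option type numbers (1, 5, 3) and the rule that the length byte counts 8-octet units come from RFC 2461; the function name, the sample packet and its addresses are constructed for illustration, and the checksum is not verified.

```python
import struct

RA_TYPE = 134        # ICMPv6 type for Router Advertisement
RA_FIXED_LEN = 16    # Type .. Retrans Timer, i.e. offset where Options begin
OPTION_NAMES = {1: "Source Link-Layer Address", 3: "Prefix Information", 5: "MTU"}

def parse_ra_options(icmp6: bytes):
    """Return [(type, name, value_bytes)] for one ICMPv6 RA message."""
    if len(icmp6) < RA_FIXED_LEN:
        raise ValueError("truncated Router Advertisement")
    if icmp6[0] != RA_TYPE or icmp6[1] != 0:
        raise ValueError("not a Router Advertisement")
    options, offset = [], RA_FIXED_LEN
    while offset < len(icmp6):
        if offset + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[offset], icmp6[offset + 1]
        if opt_len == 0:
            # A zero length would never advance the offset; RFC 2461 says to discard.
            raise ValueError("option length 0 is invalid")
        end = offset + opt_len * 8          # length is in units of 8 octets
        if end > len(icmp6):
            raise ValueError("option overruns message")
        name = OPTION_NAMES.get(opt_type, "unknown")
        options.append((opt_type, name, icmp6[offset + 2:end]))
        offset = end
    return options

# Constructed sample RA: fixed header followed by three options.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    + bytes([1, 1]) + bytes.fromhex("02005e100001")            # SLLA, 8 bytes
    + bytes([5, 1]) + bytes(2) + struct.pack("!I", 1500)        # MTU, 8 bytes
    + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
    + bytes.fromhex("20010db8") + bytes(12)                     # Prefix Info, 32 bytes
)

if __name__ == "__main__":
    for opt_type, name, value in parse_ra_options(SAMPLE_RA):
        print(f"type={opt_type:<3} {name:<26} {value.hex()}")
```

Because options are variable length and may appear in any order, the first option always starts at byte 16 of the ICMPv6 message, but later ones can only be located by following each length byte in turn.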