[Snort-users] display/log IPv6 traffic ?

Dirk Geschke Dirk_Geschke at ...1344...
Fri May 14 00:22:03 EDT 2004


Hi Markus,

> I startet snort in a IPv6 network. The summary screen, displayed at exiting
> snort display the correct number of IPv6 pakets but none of them are logged
> in logfiles or displayed at the console (with -v).
> 
> Is it not possible to display/log IPv6 traffic with snort ?

no, actually snort works only with IPv4, IPv6 packets are only counted
but never analyzed. Marty seems to work on an IPv6 version of snort but
the last time it was more than experimental...

You can take a look at snort/src/decode.c and search for DecodeIPV6:
---
 * Function: DecodeIPV6(u_int8_t *, u_int32_t)
 *
 * Purpose: Just like IPX, it's just for counting.
 *
 * Arguments: pkt => ptr to the packet data
 *            len => length from here to the end of the packet
 *
 * Returns: void function
 */
void DecodeIPV6(u_int8_t *pkt, u_int32_t len)
{
    DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "IPv6 is not supported.\n"););
    pc.ipv6++;
    return;
}
---

I think you now see why it does nothing than counting the packets...

Best regards

Dirk







More information about the Snort-users mailing list