[Snort-users] mpls

Martin Roesch roesch at ...1935...
Fri Jun 15 10:12:29 EDT 2007

Please be aware that Snort 3 doesn't have a detection engine yet, so  
apart from decoding and printing the packets in four fun-filled  
modes, it doesn't do a whole lot yet.

I'm working on a new release that'll let you actually start analyzing  
packets, stay tuned!


On Jun 15, 2007, at 7:30 AM, Paul Melson wrote:

>> I need to sniff a link that uses mpls headers. Does
>> any one have some advice for doing this successfully?
> From http://www.snort.org/users/roesch/Site/Snort%203.0.html
> "...most specifically the new protocol decoders that have been added
> for Snort 3.0 including IPv6, MPLS, GRE and 802.1q as well as the new
> TCP and IP option decoders."
> I'd say Snort 3.0 is your best bet.  Otherwise you're in uncharted
> waters, I think.  If you had to use 2.6.x right now, you might be able
> to use something like mpls-linux and bridging and then have Snort
> attach to the Ethernet bridge interface.  I have no idea if that would
> actually work, though.
> PaulM

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
