[Snort-users] mpls

Matthew Watchinski mwatchinski at ...1935...
Fri Jun 15 10:20:45 EDT 2007

MPLS is currently not supported in the decode engine in snort.  The best
way to deploy is on either side of the MPLS tunnel, so the router
scripts the headers for you.


Paul Melson wrote:
>> I need to sniff a link that uses mpls headers. Does
>> any one have some advice for doing this successfully?
>>From http://www.snort.org/users/roesch/Site/Snort%203.0.html
> "...most specifically the new protocol decoders that have been added
> for Snort 3.0 including IPv6, MPLS, GRE and 802.1q as well as the new
> TCP and IP option decoders."
> I'd say Snort 3.0 is your best bet.  Otherwise you're in uncharted
> waters, I think.  If you had to use 2.6.x right now, you might be able
> to use something like mpls-linux and bridging and then have Snort
> attach to the Ethernet bridge interface.  I have no idea if that would
> actually work, though.
> PaulM
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list