[Snort-users] Cisco Proprietary Protocol and Snort

Jutichai Thongkrachai thsecmaniac at ...11827...
Mon Jan 26 23:45:42 EST 2015


My Snort keeps telling me that it detects "snort_decoder: WARNING:
BAD-TRAFFIC Bad IP protocol" (Sid:450, Gid:116) hourly, which comes from my
Cisco switch sending multicast packets to the network with its proprietary PIM
protocol (sparse-dense-mode).

I'm curious whether my Snort cannot decode the Cisco PIM protocol, so it detects it as
"WARNING: BAD-TRAFFIC Bad IP protocol". Is that possible?