No subject


Thu Nov 23 16:36:19 EST 2017


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

04/10-09:32:27.392241 1.2.3.4 -> 224.0.0.2
IGMP TTL:1 TOS:0x0 ID:54389 IpLen:24 DgmLen:32
IP Options (1) => Opt 148: 0000 1700
........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

So I tried to create a rule that looks for IGMP, but apparently it is not
supported in Snort 1.8.4 B99.

Does anyone know if support for checking additional protocols such as IGMP,
ARP etc is on the way?


Thanks,

Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan at ...2218...






More information about the Snort-users mailing list