[Snort-users] Snort 2.9 for IPv6

Russ rucombs at cisco.com
Wed Feb 21 13:14:45 EST 2018


What version of Snort and DAQ are you using?  --enable-ipv6 is kinda old 
now.  If you aren't using the latest I suggest updating.  The DAQ may 
have been updated to address this issue.

On 2/21/18 9:27 AM, oleg gv via Snort-users wrote:
> Daq can not sniff both on V4 and v6. So 2 instanses of snort is the 
> only way?
>
> 2018-02-21 17:17 GMT+03:00 oleg gv <oagvozd at gmail.com 
> <mailto:oagvozd at gmail.com>>:
>
>     Hello,
>     I can not see alert on the next rules
>
>     alert ip any any --> IPV6_ADDRESS any (...)
>
>     alert icmp any any --> IPV6_ADDRESS any (...)
>
>     I use ping6 to test it.
>
>     Ipv4 test works fine.
>
>     Snort is build with --enable-ipv6 and uses ip6tables NFQUEUE.
>
>     Other ipv6 tcp/udp alerts also works fine.
>
>     Is it possible to detect IPv6 addresses in ip/icmp protocol rules  ?
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180221/7f9fc002/attachment.html>


More information about the Snort-users mailing list