Re: ipx stat by proto question: msg#00004 (security.ids.snort.devel)
Snort does not currently handle the LLC over Ethernet decoding... The length field of the Ethernet/LLC packet coincides with the type field for other Ethernet protocols (i.e., IP, PPPoE, etc.). Presuming the length field does not conflict with the other known protocol types -- currently known to Snort as (see decode.h), decoding Ethernet/LLC should be doable.

ETHERNET_TYPE_IP              0x0800
ETHERNET_TYPE_ARP             0x0806
ETHERNET_TYPE_REVARP          0x8035
ETHERNET_TYPE_EAPOL           0x888e
ETHERNET_TYPE_IPV6            0x86dd
ETHERNET_TYPE_IPX             0x8137
ETHERNET_TYPE_PPPoE_DISC      0x8863 /* discovery stage */
ETHERNET_TYPE_PPPoE_SESS      0x8864 /* session stage */
ETHERNET_TYPE_8021Q           0x8100
ETHERNET_TYPE_LOOP            0x9000

Cheers.
-steve

rmkml wrote:
> Hi,
> anyone have ipx stat on snort245 ?
> because recently received ipx packet,
> tcpdump/ethereal confirm this,
> but snort not classify this packet on ipx proto
> (snort choice OTHER)
> joined ipx pcap file
> Best Regards
> Rmkml
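
The type-versus-length test discussed in the message above, as an added example that is not part of the original post and is not Snort code. The helper `classify()` and the sample frames are hypothetical and constructed; the IEEE 802.3 cutoffs (at most 1500 is a length, at least 0x0600 is a type) and the IPX markers (0xFFFF for raw 802.3, SAP 0xE0 for LLC, type 0x8137 under SNAP) are assumptions not stated in the message.

```c
#include <stdint.h>
#include <stdio.h>
#define ETHERNET_TYPE_IPX 0x8137  /* value from the list in the message */
#define ETH_HDR_LEN       14
#define MAX_8023_LEN      1500    /* field <= 1500: IEEE 802.3 length */
#define MIN_ETHERTYPE     0x0600  /* field >= 0x0600: Ethernet II type */

enum kind { K_TRUNC, K_INVALID, K_ETH2, K_RAW8023, K_LLC, K_SNAP };
struct info { enum kind kind; int is_ipx; };
/* Hypothetical helper, not a Snort function: classify one captured frame. */
struct info classify(const uint8_t *p, size_t caplen)
{
    struct info r = { K_TRUNC, 0 };
    if (!p || caplen < ETH_HDR_LEN) return r;
    unsigned tl = ((unsigned)p[12] << 8) | p[13];   /* type/length field */
    if (tl >= MIN_ETHERTYPE) {                      /* Ethernet II */
        r.kind = K_ETH2; r.is_ipx = (tl == ETHERNET_TYPE_IPX); return r;
    }
    if (tl > MAX_8023_LEN) { r.kind = K_INVALID; return r; }  /* 1501..1535 */
    const uint8_t *d = p + ETH_HDR_LEN;
    size_t n = caplen - ETH_HDR_LEN;
    if (tl < n) n = tl;          /* drop padding; never read past caplen */
    if (n < 3) return r;
    if (d[0] == 0xFF && d[1] == 0xFF) {   /* Novell raw 802.3: IPX checksum */
        r.kind = K_RAW8023; r.is_ipx = 1; return r;
    }
    if (d[0] == 0xAA && d[1] == 0xAA && d[2] == 0x03) {   /* LLC + SNAP */
        if (n < 8) return r;
        unsigned snap_type = ((unsigned)d[6] << 8) | d[7];
        r.kind = K_SNAP;
        r.is_ipx = (d[3] | d[4] | d[5]) == 0 && snap_type == ETHERNET_TYPE_IPX;
        return r;
    }
    r.kind = K_LLC; r.is_ipx = (d[0] == 0xE0 && d[1] == 0xE0);  /* IPX SAP 0xE0 */
    return r;
}

/* Constructed samples: zeroed MACs, leading bytes only, not real captures. */
const uint8_t eth2_ipx[] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x81,0x37, 0xFF,0xFF,0,30};
const uint8_t raw_ipx[]  = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x00,0x1E, 0xFF,0xFF,0,30};
const uint8_t llc_ipx[]  = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x00,0x21, 0xE0,0xE0,0x03, 0xFF,0xFF};
const uint8_t snap_ipx[] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x00,0x26, 0xAA,0xAA,0x03, 0,0,0, 0x81,0x37};

int main(void)
{
    struct info a = classify(raw_ipx, sizeof raw_ipx), b = classify(snap_ipx, sizeof snap_ipx);
    printf("raw 802.3: kind=%d ipx=%d; SNAP: kind=%d ipx=%d\n", a.kind, a.is_ipx, b.kind, b.is_ipx);
    return 0;
}
```

A decoder that switches only on the EtherType values listed in the message matches the first sample alone; the other three carry IPX behind a length field and would be counted as OTHER.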