Re: IPv6Dec 21 2002 12:56PM Krzysztof Zaraska (kzaraska student uci agh edu pl)
Hello,
On Thu, 19 Dec 2002 10:33:08 -0600 (CST)
Lance Spitzner <lance (at) honeynet (dot) org [email concealed]> wrote:
> The attack and
> communications were captured using Snort, however the data could not be
> decoded due to the IPv6 encapsulation.
For the record, I've once came over a package that looks like snort with
IPv6 support, however I have never evaluated it:
http://www.tahi.org/~tanaka/snort/snort+ipv6-20011201.tgz
What's not entirely clear to me is why you weren't able to decode IPv6
traffic. Was it caused by the fact that:
- your software did not capture the IPv6 traffic, or captured it
incorrectly
- you have the (encapsulated) IPv6 traffic captured, but there is no, or
you don't have, a protocol analyzer capable of decoding it
- the IPv6 communication was protected with IPSEC
Regards,
Krzysztof
--
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem
On Thu, 19 Dec 2002 10:33:08 -0600 (CST)
Lance Spitzner <lance (at) honeynet (dot) org [email concealed]> wrote:
> The attack and
> communications were captured using Snort, however the data could not be
> decoded due to the IPv6 encapsulation.
For the record, I've once came over a package that looks like snort with
IPv6 support, however I have never evaluated it:
http://www.tahi.org/~tanaka/snort/snort+ipv6-20011201.tgz
What's not entirely clear to me is why you weren't able to decode IPv6
traffic. Was it caused by the fact that:
- your software did not capture the IPv6 traffic, or captured it
incorrectly
- you have the (encapsulated) IPv6 traffic captured, but there is no, or
you don't have, a protocol analyzer capable of decoding it
- the IPv6 communication was protected with IPSEC
Regards,
Krzysztof
--
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem
[ reply ]