[Oisf-users] ICMPv4 vs ICMPv6 reporting

Peter Manev petermanev at gmail.com
Fri Jun 2 15:11:08 UTC 2017


On Wed, May 31, 2017 at 1:57 AM, Brad Kingsbury <bradkingsbury at gmail.com> wrote:
> I'm trying to get JSON outputs for ICMPv4 and ICMPv6 flows.
>
> When I have Suricata process a simple ping (request/reply -- 2 packets) for
> both ICMPv4 and ICMPv6, they generate different outputs in the EVE.JSON
> file.
>
> ICMPv6 displays the details, including the ICMP code/type, about the
> flow/netflow, but for ICMPv4, no flow info is displayed whatsoever.  The
> ICMPv4 packets are detected as ICMPv4 packets, based upon the summary line,
> but I can't see the code/type.

Is it possible to share some logs/pcap to reproduce this?

>
> Any way to see the code/type from the ICMPv4 flows/netflows?
>
> Thanks,
> Brad



-- 
Regards,
Peter Manev

