Hi,
I am wondering if Bro is able to capture and analyze IGMP packets ?
I tried to turn all filters off ("redef capture_filters = {};" at the end of
brolite-sigs.bro)
I built a very simple signature:
signature header3
{
src-ip == 10.92.39.3
event "Header 3"
}
When I run with this on a trace containing only IGMP traffic, nothing appends
even though there is plenty of packets with src-ip == 10.92.39.3 in the trace.
I tried running with the same config on a trace containing TCP, and there I get
the alarms.
Is there any way to get Bro to analyze IGMP packets ?
Thanks!