igmp and SHADOW (tcpdump filters and igmp)

From: Jerry A. Shenk (jshenk@decommunications.com)
Date: 02/07/02


From: "Jerry A. Shenk" <jshenk@decommunications.com>
To: "Focus on Intrusion Detection Systems" <FOCUS-IDS@SECURITYFOCUS.COM>
Date: Thu, 7 Feb 2002 14:53:55 -0500

I have a SHADOW system installed and there's an increasing amount of igmp
traffic showing up. I can't figure out a tcpdump filter to get rid of
that...or for that matter to show it when tcpdump is run from the
command-line. Does anybody have any suggestions for collecting (or not)
igmp traffic with tcpdump?

--------------------------------------------------------------
Jerry A. Shenk - MCNE, CCNA,
GCIA (GIAC Certified Intrusion Analyst)
GCIH (GIAC Certified Intrusion Handler)
Sr. Systems Engineer - Computer Networking Services
D&E Networks, Inc.
jshenk@decommunications.com (also jas@decns.com)
1-877-433-8632 Fax via efax: (253) 323-5149 (new number 6/9/01)

my website: http://jerryslinux.dyndns.org/jas - PGP sig. file on this site


