igmp and SHADOW (tcpdump filters and igmp)

From: Jerry A. Shenk (jshenk@decommunications.com)
Date: 02/07/02

From: "Jerry A. Shenk" <jshenk@decommunications.com>
To: "Focus on Intrusion Detection Systems" <FOCUS-IDS@SECURITYFOCUS.COM>
Date: Thu, 7 Feb 2002 14:53:55 -0500

I have a SHADOW system installed and there's an increasing amount of IGMP
traffic showing up. I can't figure out a tcpdump filter to get rid of
that... or, for that matter, to show it when tcpdump is run from the
command line. Does anybody have any suggestions for collecting (or not)
IGMP traffic with tcpdump?

Jerry A. Shenk - MCNE, CCNA,
GCIA (GIAC Certified Intrusion Analyst)
GCIH (GIAC Certified Intrusion Handler)
Sr. Systems Engineer - Computer Networking Services
D&E Networks, Inc.
jshenk@decommunications.com (also jas@decns.com)
1-877-433-8632 Fax via efax: (253) 323-5149 (new number 6/9/01)

my website: http://jerryslinux.dyndns.org/jas - PGP sig. file on this site