RE: igmp and SHADOW (tcpdump filters and igmp) - solution

From: Jerry A. Shenk (jshenk@decommunications.com)
Date: 02/07/02


From: "Jerry A. Shenk" <jshenk@decommunications.com>
To: "Focus on Intrusion Detection Systems" <FOCUS-IDS@SECURITYFOCUS.COM>
Date: Thu, 7 Feb 2002 16:01:04 -0500

filter 'net 224' - all igmp is net 224 so that filter does the trick.

> -----Original Message-----
> From: Jerry A. Shenk [mailto:jshenk@decommunications.com]
> Sent: Thursday, February 07, 2002 2:54 PM
> To: Focus on Intrusion Detection Systems
> Subject: igmp and SHADOW (tcpdump filters and igmp)
>
>
> I have a SHADOW system installed and there's an increasing amount of igmp
> traffic showing up. I can't figure out a tcpdump filter to get rid of
> that...or for that matter to show it when tcpdump is run from the
> command-line. Does anybody have any suggestions for collecting (or not)
> igmp traffic with tcpdump?
>
> --------------------------------------------------------------
> Jerry A. Shenk - MCNE, CCNA,
> GCIA (GIAC Certified Intrusion Analyst)
> GCIH (GIAC Certified Intrusion Handler)
> Sr. Systems Engineer - Computer Networking Services
> D&E Networks, Inc.
> jshenk@decommunications.com (also jas@decns.com)
> 1-877-433-8632 Fax via efax: (253) 323-5149 (new number 6/9/01)
>
> my website: http://jerryslinux.dyndns.org/jas - PGP sig. file on this site
>
>
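
An added example, not part of the original post: it checks a few constructed IPv4 headers against the reply's 'net 224' filter (which tcpdump expands to 224.0.0.0/8, source or destination) and against 'ip proto 2' (IGMP's IP protocol number), to show which packets each one selects. The addresses, sample packets and function names are assumptions made for the illustration.

```python
import ipaddress
import struct

IGMP_PROTO = 2                                   # IANA IP protocol number for IGMP
NET_224 = ipaddress.ip_network("224.0.0.0/8")    # what tcpdump's 'net 224' means


def ipv4_header(src, dst, proto):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def parse(hdr):
    """Return (protocol, source, destination) from a raw IPv4 header."""
    return (hdr[9],
            ipaddress.ip_address(hdr[12:16]),
            ipaddress.ip_address(hdr[16:20]))


def matches_net_224(hdr):
    """Same test as the filter 'net 224': either address inside 224.0.0.0/8."""
    _, src, dst = parse(hdr)
    return src in NET_224 or dst in NET_224


def matches_ip_proto_2(hdr):
    """Same test as the filter 'ip proto 2': the protocol field says IGMP."""
    return parse(hdr)[0] == IGMP_PROTO


# Constructed samples: documentation-range hosts, well-known multicast groups.
SAMPLES = {
    "igmp_query":      ipv4_header("192.0.2.1", "224.0.0.1", 2),
    "igmp_report_239": ipv4_header("192.0.2.10", "239.1.1.1", 2),
    "ospf_hello":      ipv4_header("192.0.2.1", "224.0.0.5", 89),
    "mdns":            ipv4_header("192.0.2.10", "224.0.0.251", 17),
    "unicast_tcp":     ipv4_header("192.0.2.10", "198.51.100.7", 6),
}


def compare():
    """Map each sample name to (matched by 'net 224', matched by 'ip proto 2')."""
    return {name: (matches_net_224(h), matches_ip_proto_2(h))
            for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, (by_net, by_proto) in compare().items():
        print(f"{name:16} net 224: {by_net!s:5}  ip proto 2: {by_proto}")
```

For a SHADOW sensor the difference matters in both directions: an exclusion built on 'net 224' also drops other traffic addressed to 224.0.0.0/8, and it keeps IGMP reports sent to groups outside that range.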