ICMP echo identifier
Carter Bullard
carter at qosient.com
Fri Dec 14 10:40:47 EST 2007
Sorry for the late response.
You can filter on the keyword "echo" to get ICMP echo/echo response
flows.
Is there another identifier that you are interested in?
Carter
On Nov 18, 2007, at 7:50 AM, CS Lee wrote:
> Hi Carter,
>
> Lately I have played around with quite a few scanning tools, and it
> seems interesting that ICMP ping sweeping can be easily
> identified by tracking the identifier. I have
> one request: if we have already kept track of the TCP connection
> setup, maybe adding the ICMP echo identifier as one of the flow metrics
> can be useful, especially for identifying large-scale
> network scanning launched by specific tools.
>
> Anyway it is just my idea, sorry to hesitate you again since I have
> nothing to do but argus on Sunday.
>
> Thanks ;]
>
> --
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>
>
> http://geek00l.blogspot.com
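
An added example, not part of this thread and not argus code: a sketch of the identifier tracking suggested in the quoted message, grouping ICMP echo requests by (source, identifier) and reporting groups that reach many destinations. It assumes a sweeping tool keeps one identifier across its targets; the function names, the `min_targets` threshold and the sample packets are hypothetical and constructed for illustration.

```python
import struct
from collections import defaultdict

ICMP_ECHO_REQUEST = 8  # RFC 792 type for echo request; echo reply is type 0

def parse_echo(icmp: bytes):
    """Return (identifier, sequence) for an ICMP echo request, else None."""
    if len(icmp) < 8:
        return None  # truncated header, nothing to track
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return None
    return ident, seq

def find_sweeps(packets, min_targets=5):
    """Group echo requests by (source, identifier) and return the groups
    that reached at least min_targets distinct destinations."""
    targets = defaultdict(set)
    for src, dst, icmp in packets:
        parsed = parse_echo(icmp)
        if parsed is None:
            continue
        targets[(src, parsed[0])].add(dst)
    return {key: sorted(dsts) for key, dsts in targets.items()
            if len(dsts) >= min_targets}

def _echo(icmp_type, ident, seq):
    # Constructed header; checksum left at zero because it is not checked here.
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

# Constructed sample traffic using documentation address ranges, not captured data.
SAMPLE = (
    # One source, one identifier, six destinations: the sweep pattern.
    [("192.0.2.10", f"198.51.100.{i}", _echo(8, 0x1A2B, i)) for i in range(1, 7)]
    # Ordinary ping: one destination, incrementing sequence numbers.
    + [("192.0.2.20", "198.51.100.1", _echo(8, 0x0042, s)) for s in range(4)]
    # Echo reply and a truncated packet, both ignored.
    + [("198.51.100.1", "192.0.2.20", _echo(0, 0x0042, 0))]
    + [("192.0.2.30", "198.51.100.9", b"\x08\x00")]
)

if __name__ == "__main__":
    for (src, ident), dsts in find_sweeps(SAMPLE).items():
        print(f"{src} id=0x{ident:04x} -> {len(dsts)} destinations")
```

A tool that picks a new identifier per target would not be grouped by this key, so the source-only fan-out count remains a useful companion metric.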