argus ppp teredo
Carter Bullard
carter at qosient.com
Thu May 1 00:35:59 EDT 2014
The patch I sent gets you past the ppp header parsing issues,
but doesn't enable full teredo processing for ppp. This should
be in argus-3.0.7.6 which I'll have up tomorrow ...
Carter
On May 1, 2014, at 12:29 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey CS Lee,
> But these flows aren't teredo, or they would be ipv6 flows.
> Carter
>
> On Apr 30, 2014, at 10:40 PM, CS Lee <geek00l at gmail.com> wrote:
>
>> hi Carter,
>>
>> This is what I get from senc and denc, same thing -
>>
>> SrcAddr DstAddr sEnc dEnc
>> 94.197.69.162 83.170.6.76 p p
>> 83.170.6.77 94.197.69.162 p p
>> 94.197.69.162 83.170.6.76 p p
>> 94.197.69.162 83.170.6.76 p p
>> 94.197.69.162 83.170.6.76 p p
>> 94.197.69.162 83.170.6.76 p p
>>
>> That means the underlying teredo tunnel is not revealed by looking at the flow here unless examining the user data like I did in previous mail.
>>
>>
>>
>>
>> On Thu, May 1, 2014 at 10:31 AM, Carter Bullard <carter at qosient.com> wrote:
>> Hey CS Lee,
>> The flgs field overwrites values sometimes...you want to print the senc and denc fields to print all the encaps.
>>
>> ra -s +senc +denc
>>
>> Carter
>>
>> > On Apr 30, 2014, at 10:26 PM, CS Lee <geek00l at gmail.com> wrote:
>> >
>> > 83
>>
>>
>>
>> --
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>> http://defcraft.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140501/dd055c5b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140501/dd055c5b/attachment.bin>
More information about the argus
mailing list