Bug #2217: event_type flow is missing icmpv4 (while it has icmpv6) info wherever available - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2217

closed

event_type flow is missing icmpv4 (while it has icmpv6) info wherever available

Added by Peter Manev over 6 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

4.1rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Originally reported on SELKS user list by Brandon.

This would exist for IPv6-ICMP but not for IPv4-ICMP


{
  "timestamp": "2017-09-26T00:43:30.001064+0200",
  "flow_id": 1140273124741010,
  "event_type": "flow",
  "src_ip": "2001:xxxxxxx",
  "dest_ip": "2a02:0xxxxxx",
  "proto": "IPv6-ICMP",
  "icmp_type": 1,
  "icmp_code": 0,
  "flow": {
    "pkts_toserver": 1,
    "pkts_toclient": 0,
    "bytes_toserver": 138,
    "bytes_toclient": 0,
    "start": "2017-09-26T00:43:24.331666+0200",
    "end": "2017-09-26T00:43:24.331666+0200",
    "age": 0,
    "state": "new",
    "reason": "timeout",
    "alerted": false
  }
}

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #2217

event_type flow is missing icmpv4 (while it has icmpv6) info wherever available

Updated by Eric Leblond over 6 years ago

Updated by Victor Julien over 6 years ago

Updated by brandon okuszka over 6 years ago

Updated by Andreas Herz over 6 years ago

Updated by Victor Julien over 6 years ago

Updated by Victor Julien over 6 years ago

Updated by Victor Julien almost 6 years ago