Bug #2217 (Closed)

event_type flow is missing icmpv4 (while it has icmpv6) info wherever available

Added by Peter Manev over 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal

Description

Originally reported on SELKS user list by Brandon.

This would exist for IPv6-ICMP but not for IPv4-ICMP:

{
  "timestamp": "2017-09-26T00:43:30.001064+0200",
  "flow_id": 1140273124741010,
  "event_type": "flow",
  "src_ip": "2001:xxxxxxx",
  "dest_ip": "2a02:0xxxxxx",
  "proto": "IPv6-ICMP",
  "icmp_type": 1,
  "icmp_code": 0,
  "flow": {
    "pkts_toserver": 1,
    "pkts_toclient": 0,
    "bytes_toserver": 138,
    "bytes_toclient": 0,
    "start": "2017-09-26T00:43:24.331666+0200",
    "end": "2017-09-26T00:43:24.331666+0200",
    "age": 0,
    "state": "new",
    "reason": "timeout",
    "alerted": false
  }
}
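The quickest way to tell whether a given sensor is affected by this report is to scan its eve.json for flow records of an ICMP protocol that carry no icmp_type/icmp_code. The script below is an added example for that check; it is not part of the report and not Suricata code. It assumes the EVE proto names "ICMP" (IPv4) and "IPv6-ICMP" (IPv6), and the sample lines it carries are constructed (the first is modelled on the IPv6-ICMP record above, the second is an IPv4 ICMP record with the fields missing, as the report describes), not captured from a real sensor.

```python
import json
import sys

# Protocol names as Suricata's EVE output labels ICMP traffic.
# Assumption: IPv4 ICMP is emitted as "ICMP", IPv6 ICMP as "IPv6-ICMP".
ICMP_PROTOS = {"ICMP", "IPv6-ICMP"}
# Fields the report says are present for IPv6-ICMP but absent for IPv4 ICMP.
ICMP_KEYS = ("icmp_type", "icmp_code")

# Constructed sample eve.json lines (not real captures). Addresses are from
# the documentation ranges. Order: IPv6-ICMP flow with the fields (modelled
# on the report), IPv4 ICMP flow without them (the reported gap), a TCP flow
# that must be ignored, an IPv4 ICMP flow that does carry the fields, and a
# non-JSON line that a robust scanner must skip.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2017-09-26T00:43:30.001064+0200","flow_id":1140273124741010,'
    '"event_type":"flow","src_ip":"2001:db8::1","dest_ip":"2001:db8::2",'
    '"proto":"IPv6-ICMP","icmp_type":1,"icmp_code":0,'
    '"flow":{"pkts_toserver":1,"pkts_toclient":0,"state":"new",'
    '"reason":"timeout","alerted":false}}',
    '{"timestamp":"2017-09-26T00:43:31.000000+0200","flow_id":1140273124741011,'
    '"event_type":"flow","src_ip":"192.0.2.10","dest_ip":"192.0.2.20",'
    '"proto":"ICMP",'
    '"flow":{"pkts_toserver":1,"pkts_toclient":1,"state":"established",'
    '"reason":"timeout","alerted":false}}',
    '{"timestamp":"2017-09-26T00:43:32.000000+0200","flow_id":1140273124741012,'
    '"event_type":"flow","src_ip":"192.0.2.10","dest_ip":"192.0.2.20",'
    '"src_port":51000,"dest_port":443,"proto":"TCP",'
    '"flow":{"pkts_toserver":5,"pkts_toclient":4,"state":"closed",'
    '"reason":"timeout","alerted":false}}',
    '{"timestamp":"2017-09-26T00:43:33.000000+0200","flow_id":1140273124741013,'
    '"event_type":"flow","src_ip":"192.0.2.10","dest_ip":"192.0.2.20",'
    '"proto":"ICMP","icmp_type":8,"icmp_code":0,'
    '"flow":{"pkts_toserver":1,"pkts_toclient":1,"state":"established",'
    '"reason":"timeout","alerted":false}}',
    'this is not json',
]


def parse_eve_line(line):
    """Decode one EVE line; return None for blank or non-JSON input."""
    line = line.strip()
    if not line:
        return None
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


def icmp_flow_report(lines):
    """Walk EVE lines and, for each ICMP protocol, count flow records and
    how many of them lack icmp_type/icmp_code. Returns (report, missing_ids)
    where report maps proto -> {"flows": n, "missing_icmp_fields": m} and
    missing_ids lists the flow_id of every record missing the fields."""
    report = {}
    missing_ids = []
    for line in lines:
        ev = parse_eve_line(line)
        if ev is None or ev.get("event_type") != "flow":
            continue
        proto = ev.get("proto")
        if proto not in ICMP_PROTOS:
            continue
        entry = report.setdefault(proto, {"flows": 0, "missing_icmp_fields": 0})
        entry["flows"] += 1
        if not all(key in ev for key in ICMP_KEYS):
            entry["missing_icmp_fields"] += 1
            missing_ids.append(ev.get("flow_id"))
    return report, missing_ids


if __name__ == "__main__":
    # Usage: python eve_icmp_check.py [/var/log/suricata/eve.json]
    # Without an argument the constructed sample lines are scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            result, ids = icmp_flow_report(fh)
    else:
        result, ids = icmp_flow_report(SAMPLE_EVE_LINES)
    for proto, counts in sorted(result.items()):
        print(f"{proto}: {counts['flows']} flow records, "
              f"{counts['missing_icmp_fields']} without icmp_type/icmp_code")
    for flow_id in ids:
        print(f"  missing ICMP fields: flow_id {flow_id}")
```

Pointed at a real eve.json from a build predating the fix, the IPv4 "ICMP" bucket shows every record lacking the fields while "IPv6-ICMP" shows none; on a fixed build both counts of missing records drop to zero. Only flow records are counted, so alert records for ICMP traffic (which have their own icmp fields) do not skew the result.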


Related issues (1: 0 open, 1 closed)

Blocked by Suricata - Feature #2292: flow: add icmpv4 and improve icmpv6 flow handling (Closed, assignee Victor Julien)