From: Jim Kipp (jkipp5 home.com)
Date: Sat Mar 17 2001 - 08:04:07 CST
Hi,
I recently got Snort up and running. I just reviewed the Snort log
files and found its first entry.
Where can I find info on interpreting the packets that it logs? Here
is a snippet of what was in this entry:
01/05-15:26:54.896182 0:50:73:1:6C:A8 -> 0:60:8:38:86:FA type:0x800 len:0x6E
216.253.248.140:850 -> 24.40.74.92:111 TCP TTL:44 TOS:0x0 ID:48709 DF
*****PA* Seq: 0x8012565C Ack: 0x56397446 Win: 0x7D78
TCP Options => NOP NOP TS: 26167343 24687884
80 00 00 28 49 07 FF 27 00 00 00 00 00 00 00 02 ...(I..'........
00 01 86 A0 00 00 00 02 00 00 00 04 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 ............
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
The other packets look similar.
Also, I keep getting the following in my system logs. It looks like
something logged by ipchains:
Mar 16 21:19:25 jerry kernel: Packet log: input DENY eth0 PROTO=17 202.12.27.33:53 24.40.74.92:64248 L=462 S=0x00 I=36353 F=0x0000 T=44 (#14)
Mar 16 21:19:25 jerry kernel: Packet log: input DENY eth0 PROTO=17 202.12.27.33:53 24.40.74.92:64248 L=462 S=0x00 I=36353 F=0x0000 T=44 (#14)
-------------------------------------
Thanks for any help.
Jim
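The two records quoted in the post can be read mechanically. The following Python is an added example (not code from the thread or from the Snort project) that parses a Snort packet-log record and an ipchains "Packet log:" line into fields, reads the Snort flag column by its letters (the column order differed between Snort versions, so positions are not relied on), and decodes the 44 payload bytes as an ONC RPC call header. That decode shows what the segment to port 111 is: a CALL to program 100000 (the portmapper), version 2, procedure 4 (DUMP, the request that lists registered RPC services), which is the kind of detail a defender uses to decide whether port 111 should be reachable from the Internet at all. The sample records are copied from the post, with the wrapped header line re-joined; the field names are this example's own.

```python
"""Parse the Snort packet-log record and ipchains line from the post above.
Added example; sample records copied from the post, field names are ours."""
import re
import struct

# Snort prints one letter per set TCP flag and '*' for a clear one.  Early
# Snort releases ordered the columns differently, so read the letters.
FLAG_LETTERS = {"U": "URG", "A": "ACK", "P": "PSH", "R": "RST",
                "S": "SYN", "F": "FIN", "1": "RES1", "2": "RES2"}
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
PORTMAP_PROCS = {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT",  # RFC 1833
                 4: "DUMP", 5: "CALLIT"}

SNORT_RECORD = """\
01/05-15:26:54.896182 0:50:73:1:6C:A8 -> 0:60:8:38:86:FA type:0x800 len:0x6E
216.253.248.140:850 -> 24.40.74.92:111 TCP TTL:44 TOS:0x0 ID:48709 DF
*****PA* Seq: 0x8012565C Ack: 0x56397446 Win: 0x7D78
TCP Options => NOP NOP TS: 26167343 24687884
80 00 00 28 49 07 FF 27 00 00 00 00 00 00 00 02 ...(I..'........
00 01 86 A0 00 00 00 02 00 00 00 04 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 ............
"""
IPCHAINS_LINE = ("Mar 16 21:19:25 jerry kernel: Packet log: input DENY eth0 "
                 "PROTO=17 202.12.27.33:53 24.40.74.92:64248 L=462 S=0x00 "
                 "I=36353 F=0x0000 T=44 (#14)")

ETH_RE = re.compile(r"^(?P<ts>\S+) (?P<smac>[0-9A-F:]+) -> (?P<dmac>[0-9A-F:]+) "
                    r"type:0x(?P<type>[0-9A-F]+) len:0x(?P<len>[0-9A-F]+)")
IP_RE = re.compile(r"^(?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<dip>[\d.]+):(?P<dport>\d+) "
                   r"(?P<proto>\w+) TTL:(?P<ttl>\d+) TOS:0x(?P<tos>[0-9A-F]+) "
                   r"ID:(?P<id>\d+)(?P<df> DF)?")
TCP_RE = re.compile(r"^(?P<flags>[12UAPRSF*]{8}) Seq: 0x(?P<seq>[0-9A-F]+) "
                    r"Ack: 0x(?P<ack>[0-9A-F]+) Win: 0x(?P<win>[0-9A-F]+)")
HEX_BYTE = re.compile(r"^[0-9A-F]{2}$")
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<sip>[\d.]+):(?P<sport>\d+) (?P<dip>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) "
    r"S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<id>\d+) F=0x(?P<frag>[0-9A-Fa-f]+) "
    r"T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)")


def parse_snort_record(text):
    """Turn one Snort packet-log record (header lines + hex dump) into a dict."""
    lines = [l for l in text.splitlines() if l.strip()]
    eth, ip, tcp = ETH_RE.match(lines[0]), IP_RE.match(lines[1]), TCP_RE.match(lines[2])
    if not (eth and ip and tcp):
        raise ValueError("not a Snort TCP packet-log record")
    rec = {"time": eth["ts"], "src_mac": eth["smac"], "dst_mac": eth["dmac"],
           "ethertype": int(eth["type"], 16), "frame_len": int(eth["len"], 16),
           "src": (ip["sip"], int(ip["sport"])), "dst": (ip["dip"], int(ip["dport"])),
           "proto": ip["proto"], "ttl": int(ip["ttl"]), "tos": int(ip["tos"], 16),
           "ip_id": int(ip["id"]), "df": ip["df"] is not None,
           "flags": {FLAG_LETTERS[c] for c in tcp["flags"] if c != "*"},
           "seq": int(tcp["seq"], 16), "ack": int(tcp["ack"], 16),
           "win": int(tcp["win"], 16), "options": None}
    payload = bytearray()
    for line in lines[3:]:
        if line.startswith("TCP Options =>"):
            rec["options"] = line.split("=>", 1)[1].strip()
            continue
        # At most 16 bytes per dump line; the ASCII column follows the hex.
        for tok in line.split()[:16]:
            if not HEX_BYTE.match(tok):
                break
            payload.append(int(tok, 16))
    rec["payload"] = bytes(payload)
    return rec


def decode_rpc_call(payload):
    """Decode an ONC RPC call header sent over TCP (RFC 5531): a 4-byte record
    mark, then xid, message type, RPC version, program, version, procedure."""
    mark, xid, mtype, rpcvers, prog, vers, proc = struct.unpack("!7I", payload[:28])
    return {"last_fragment": bool(mark & 0x80000000),
            "fragment_len": mark & 0x7FFFFFFF, "xid": xid,
            "msg_type": "CALL" if mtype == 0 else "REPLY", "rpc_version": rpcvers,
            "program": prog, "version": vers, "procedure": proc,
            "proc_name": PORTMAP_PROCS.get(proc) if prog == 100000 else None}


def parse_ipchains_line(line):
    """Parse an ipchains 'Packet log:' kernel line into its fields."""
    m = IPCHAINS_RE.search(line)
    if not m:
        raise ValueError("not an ipchains packet-log line")
    return {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
            "proto": PROTO_NAMES.get(int(m["proto"]), m["proto"]),
            "src": (m["sip"], int(m["sport"])), "dst": (m["dip"], int(m["dport"])),
            "length": int(m["len"]), "tos": int(m["tos"], 16), "ip_id": int(m["id"]),
            "frag": int(m["frag"], 16), "ttl": int(m["ttl"]), "rule": int(m["rule"])}


if __name__ == "__main__":
    rec = parse_snort_record(SNORT_RECORD)
    print(rec["src"], "->", rec["dst"], sorted(rec["flags"]), len(rec["payload"]), "bytes")
    print(decode_rpc_call(rec["payload"]))
    print(parse_ipchains_line(IPCHAINS_LINE))
```

Running it prints the PSH/ACK segment with its 44-byte payload, the decoded portmapper DUMP call, and the ipchains fields: a UDP datagram from port 53 (a DNS-reply-shaped packet) denied by rule 14 of the input chain, logged twice because the kernel saw it twice.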
_______________________________________________
Snort-users mailing list
Snort-users lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users