Hiya,

Can anyone help me with this one ?

How can I tell what type of packet this is ? (RTP, RTCP etc etc)
Are there any tools that can 'decode' the payload like the way SnifferPro
recognises packet type based on Ports/payloads etc etc ?

This packet keeps hitting my media gateways, but it doesn't look like a media-
streaming- packet to me :

UDP Length 136
SRC Port 63893 DST 17959
Ver 4 Lngth 5 TOS 0 Lng 156
ID 9635 Flags 0 OffSet 0
TTL 109 Checksum 355

PAYLOAD
 length = 128

000 : 82 C8 00 12 17 22 16 90 3E 07 98 F1 83 84 20 00 ....."..>..... .
010 : 91 34 49 46 00 00 02 6C 00 00 3A 20 10 8A 06 13 .4IF...l..: ....
020 : 08 00 00 20 00 00 CD C6 00 00 00 66 6C BD CD 5B ... .......fl..[
030 : 00 01 3C A8 10 8A 26 13 00 00 00 01 00 00 CD 5F ..<...&........_
040 : 00 00 00 00 00 00 00 00 00 00 00 00 81 CA 00 0C ................
050 : 17 22 16 90 01 16 41 64 6D 69 6E 69 73 74 72 61 ."....Administra
060 : 74 6F 72 40 4C 41 47 42 41 4A 41 00 02 0E 41 64 torLAGBAJA...Ad
070 : 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 00 00 ministrator.....

Any Help would be greatly appreciated !
Cheers
YPnk.

----------------------------------------------------------
This message was sent using http://uk2.net
NEWS - CHEAPEST DEDICATED SERVERS IN THE WORLD - 25/month
FREE UK DIAL 0845 609 1370 - username uk2: - password: uk2
UK's FREE Domains, FREE Dialup, FREE Webdesign, FREE email

-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]