Re: [Snort-users] Strange packet

> Anyone have an idea of what is this?
> 2004-05-12 11:01:08.707097 IP (tos 0x0, ttl 255, id 9278, offset 0, flags
> [none], length: 576, bad cksum 3560 (->aa84)!) 186.186.186.186.47802 >
> 186.186.186.186.47802: UDP, length: 47794

186.186.186.186 equals 0xBABABABA, and the 47802 port also equals 0xBABA -- so it's certainly a mangled packet. The TTL of 255 means that it must have been generated locally, not to mention the reserved address space of 186/8.

Use the -e switch (for snort or tcpdump) to get the MAC address of the sender (assuming that's not getting garbled, too), and track it down that way.

HTH.

-- Tod
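The fill-pattern check described in the reply can be done mechanically. This is an added example, not part of the original post: it rebuilds the wire bytes of the addresses, ports and UDP length from the quoted tcpdump line and tests whether they all consist of one repeated byte. The names `analyze` and `fill_byte` and the benign comparison line are constructed for illustration, and it assumes tcpdump prints the UDP length field minus the 8-byte header.

```python
import re
import socket
import struct

# The tcpdump record quoted in the thread, rejoined onto one line.
SAMPLE = (
    "2004-05-12 11:01:08.707097 IP (tos 0x0, ttl 255, id 9278, offset 0, "
    "flags [none], length: 576, bad cksum 3560 (->aa84)!) "
    "186.186.186.186.47802 > 186.186.186.186.47802: UDP, length: 47794"
)
# Constructed, ordinary-looking record for comparison.
BENIGN = "10.0.0.5.53 > 10.0.0.9.33000: UDP, length: 64"

UDP_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length:? (\d+)"
)

def fill_byte(data):
    """Return the byte value if data is one byte repeated, else None."""
    return data[0] if len(set(data)) == 1 else None

def analyze(line):
    """Rebuild the wire bytes of the address/port/length fields and look
    for a single repeated fill byte across all of them."""
    m = UDP_RE.search(line)
    if m is None:
        return None
    src, sport, dst, dport, shown_len = m.groups()
    # Assumption: tcpdump shows the UDP length field minus the 8-byte header.
    udp_len = (int(shown_len) + 8) & 0xFFFF
    fields = {
        "src_ip": socket.inet_aton(src),
        "dst_ip": socket.inet_aton(dst),
        "src_port": struct.pack("!H", int(sport)),
        "dst_port": struct.pack("!H", int(dport)),
        "udp_len": struct.pack("!H", udp_len),
    }
    fills = {name: fill_byte(raw) for name, raw in fields.items()}
    values = set(fills.values())
    common = values.pop() if len(values) == 1 else None
    return {
        "fills": fills,
        "common_fill": common,  # 0xBA when every field is BA..BA
        "same_endpoint": (src, sport) == (dst, dport),
    }

if __name__ == "__main__":
    for line in (SAMPLE, BENIGN):
        print(analyze(line))
```

On the quoted record every field comes back as 0xBA, including the UDP length (47794 + 8 = 47802 = 0xBABA), while the constructed benign line has no common fill byte.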