what is this?

From: Kostas K (acezerocoolat_private)
Date: Mon Aug 18 2003 - 17:18:54 PDT

Next message: Jeff Kell: "Re: Increasing ICMP Echo Requests"

Previous message: Kevin Patz: "Re: Increasing ICMP Echo Requests"
Next in thread: Jay DeSotel: "Re: what is this?"
Reply: Jay DeSotel: "Re: what is this?"
Reply: Fernando Cardoso: "RE: what is this?"
Reply: DeGennaro, Gregory: "RE: what is this?"
Reply: Joe Matusiewicz: "Re: what is this?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Hi list, I captured activity with snort and i can't think of what is it? Does anybody know. 08/19-00:42:39.063639 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A 194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:44416 IpLen:20 DgmLen:28 11 64 EE 9B 00 00 00 00 .d...... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/19-00:43:39.185528 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A 194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:48569 IpLen:20 DgmLen:28 11 64 EE 9B 00 00 00 00 .d...... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/19-00:44:39.301674 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A 194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:51771 IpLen:20 DgmLen:28 11 64 EE 9B 00 00 00 00 .d...... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/19-00:45:39.423600 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A 194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:55167 IpLen:20 DgmLen:28 11 64 EE 9B 00 00 00 00 .d...... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/19-00:46:39.556458 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A 194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:58562 IpLen:20 DgmLen:28 11 64 EE 9B 00 00 00 00 .d...... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/19-00:47:39.672239 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 len:0x2A 194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:62338 IpLen:20 DgmLen:28 11 64 EE 9B 00 00 00 00 By the way is there any link that explains well snort's output? Thanx in advance --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------

Next message: Jeff Kell: "Re: Increasing ICMP Echo Requests"
Previous message: Kevin Patz: "Re: Increasing ICMP Echo Requests"
Next in thread: Jay DeSotel: "Re: what is this?"
Reply: Jay DeSotel: "Re: what is this?"
Reply: Fernando Cardoso: "RE: what is this?"
Reply: DeGennaro, Gregory: "RE: what is this?"
Reply: Joe Matusiewicz: "Re: what is this?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 09:33:12 PDT