RE: what is this?

From: DeGennaro, Gregory (Gregory_DeGennaroat_private)
Date: Tue Aug 19 2003 - 10:04:37 PDT


    224.0.0.1 = multicast
    
    Protocol 2  =   IGMP        Internet Group Management         [RFC1112]
    
    http://www.iana.org/assignments/protocol-numbers
    
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080515.html
    
    
    
    Regards,
    
    Greg DeGennaro Jr., CCNP
    Security Analyst
    
    
    -----Original Message-----
    From: Kostas K [mailto:acezerocoolat_private] 
    Sent: Monday, August 18, 2003 5:19 PM
    To: incidentsat_private
    Subject: what is this?
    
    
    
    Hi list,
    
    I captured activity with snort and I can't think of what it is. Does 
    anybody know?
    
    08/19-00:42:39.063639 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:44416 IpLen:20 
    DgmLen:28
    11 64 EE 9B 00 00 00 00                          .d......
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/19-00:43:39.185528 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:48569 IpLen:20 
    DgmLen:28
    11 64 EE 9B 00 00 00 00                          .d......
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/19-00:44:39.301674 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:51771 IpLen:20 
    DgmLen:28
    11 64 EE 9B 00 00 00 00                          .d......
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/19-00:45:39.423600 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:55167 IpLen:20 
    DgmLen:28
    11 64 EE 9B 00 00 00 00                          .d......
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/19-00:46:39.556458 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:58562 IpLen:20 
    DgmLen:28
    11 64 EE 9B 00 00 00 00                          .d......
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/19-00:47:39.672239 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800 
    len:0x2A
    194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:62338 IpLen:20 
    DgmLen:28
    11 64 EE 9B 00 00 00 00     
    
    
    
    By the way, is there any link that explains snort's output well?
    
    
    Thanx in advance
    
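The 8-byte payload in the capture above can be decoded by hand to confirm the IGMP identification. The following is an added example, not part of the original thread: the function names are hypothetical, and the field layout and type codes are taken from RFC 1112, RFC 2236 and RFC 3376 (only RFC 1112 is cited in the reply).

```python
import ipaddress
import struct

# IGMP message type codes (RFC 1112, RFC 2236, RFC 3376).
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "IGMPv1 Membership Report",
    0x16: "IGMPv2 Membership Report",
    0x17: "IGMPv2 Leave Group",
    0x22: "IGMPv3 Membership Report",
}

def internet_checksum_ok(data: bytes) -> bool:
    """A valid message sums (one's complement, 16-bit words) to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_igmp(hex_dump: str, dst: str, ttl: int) -> dict:
    """Decode the 8-byte IGMPv1/v2 header from one snort record."""
    payload = bytes.fromhex(hex_dump)
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    msg_type, max_resp, _cksum, group = struct.unpack("!BBH4s", payload[:8])
    group_ip = ipaddress.IPv4Address(group)
    return {
        "type": IGMP_TYPES.get(msg_type, f"unknown (0x{msg_type:02x})"),
        # In an 8-byte query this field is in units of 0.1 s; 0 means IGMPv1.
        "max_resp_seconds": max_resp / 10,
        "group": str(group_ip),
        "checksum_ok": internet_checksum_ok(payload),
        # General query: type 0x11 with an all-zero group address.
        "general_query": msg_type == 0x11 and int(group_ip) == 0,
        # Queries go to the all-hosts group with TTL 1 (link-local only).
        "expected_addressing": dst == "224.0.0.1" and ttl == 1,
    }

# Payload bytes, destination and TTL copied from the capture in the message.
RECORD = decode_igmp("11 64 EE 9B 00 00 00 00", dst="224.0.0.1", ttl=1)

if __name__ == "__main__":
    for key, value in RECORD.items():
        print(f"{key}: {value}")
```

The records in the capture are spaced about 60 seconds apart, which fits a router sending periodic general queries on the local segment.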
    



    This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 20:48:12 PDT