[Snort-users] Reading Packets?

Chris Owen chris at ...475...
Tue Oct 3 13:03:39 EDT 2000


I use the book "TCP/IP Illustrated Volume 1" by Richard Stevens.

It's supa.

 Chris.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Christopher
Northrop
Sent: Tuesday, October 03, 2000 6:19 AM
To: Snort user List
Subject: [Snort-users] Reading Packets?


Hello Group

First I would like to inform you guys/gals that this is a very useful email
group. Very professional responses to most of the questions, and courteous.
Now that the B-llsh-t is done here is my question.

Does anyone have any good reference material on IP packet  interpretation?
Something I can look at to help me figure out what I'm looking at.  I have a
slight handle on the basics but sometimes I get packets that I have no clue
what I'm looking at.

example:
10/03-07:53:54.312623 0:50:DA:2D:FD:F -> 0:10:7B:77:8F:FA type:0x800 len:0x4E
 X.X.4.125:1029 -> X.X.135.21:5000 TCP TTL:128 TOS:0x78 ID:11776 DF
 **S***** Seq: 0x2C0FD Ack: 0x0 Win: 0x2000
## Mostly this stuff  ?###
TCP Options => MSS: 1460 NOP WS: 0 NOP NOP TS: 0 0 NOP NOP SackOK


TIA
Chris N.





_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users
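
Added example, not part of the original thread or of Snort's code: a small decoder for the TCP options field that produces the same "TCP Options =>" text as the dump quoted above. The option bytes in SAMPLE are constructed to match that line, and frame_len() assumes a 20-byte IP header and no TCP payload, which is consistent with the len:0x4E shown for this SYN.

```python
import struct

# TCP option kinds: RFC 793 (EOL, NOP, MSS), RFC 1323 (WS, TS), RFC 2018 (SackOK)
EOL, NOP, MSS, WS, SACKOK, TS = 0, 1, 2, 3, 4, 8

# Constructed bytes matching the quoted dump (24 bytes of options):
#   MSS 1460 | NOP | WS shift 0 | NOP NOP | TS val 0, echo 0 | NOP NOP | SackOK
SAMPLE = bytes.fromhex("020405b4" "01" "030300" "0101"
                       "080a0000000000000000" "0101" "0402")

def decode_tcp_options(raw):
    """Walk the kind/length/value list and return one label per option."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:                      # end of list, rest is padding
            out.append("EOL")
            break
        if kind == NOP:                      # one-byte padding, no length field
            out.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % kind)
        length = raw[i + 1]                  # length covers kind + length + data
        if length < 2 or i + length > len(raw):
            raise ValueError("bad length %d for option %d" % (length, kind))
        body = raw[i + 2:i + length]
        if kind == MSS and length == 4:      # largest segment the sender accepts
            out.append("MSS: %d" % struct.unpack("!H", body))
        elif kind == WS and length == 3:     # window scale shift count
            out.append("WS: %d" % body[0])
        elif kind == SACKOK and length == 2: # selective ACK permitted
            out.append("SackOK")
        elif kind == TS and length == 10:    # timestamp value, timestamp echo
            out.append("TS: %d %d" % struct.unpack("!II", body))
        else:
            out.append("Opt %d (%d)" % (kind, length))
        i += length
    return out

def frame_len(options):
    """Ethernet (14) + IP without options (20) + TCP base header (20) + options."""
    return 14 + 20 + 20 + len(options)

if __name__ == "__main__":
    print("TCP Options =>", " ".join(decode_tcp_options(SAMPLE)))
    print("len:0x%X" % frame_len(SAMPLE))
```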



