[Snort-users] Time based oddity.

Erek Adams erek at ...577...
Thu Oct 5 13:12:19 EDT 2000


Ok, I'm a bit baffled at this:

[Line Numbers added for easier reading... :) ]


Oct  3 02:12:16 202.103.237.30:35784 -> xxx.yyy.xxx.66:80 SYN **S*****   1
Oct  3 02:12:17 202.103.237.30:36385 -> xxx.yyy.xxx.71:80 SYN **S*****   2
Oct  3 02:12:16 202.103.237.30:36384 -> xxx.yyy.xxx.70:80 SYN **S*****   3
Oct  3 02:12:18 202.103.237.30:37058 -> xxx.yyy.xxx.67:80 SYN **S*****   4
Oct  3 02:12:18 202.103.237.30:37089 -> xxx.yyy.xxx.69:80 SYN **S*****   5
Oct  3 02:12:18 202.103.237.30:37092 -> xxx.yyy.xxx.68:80 SYN **S*****   6
Oct  3 02:12:18 202.103.237.30:37363 -> xxx.yyy.xxx.82:80 SYN **S*****   7
Oct  3 02:12:18 202.103.237.30:37383 -> xxx.yyy.xxx.86:80 SYN **S*****   8
Oct  3 02:12:19 202.103.237.30:37698 -> xxx.yyy.xxx.73:80 SYN **S*****   9
Oct  4 18:08:54 202.103.237.30:25412 -> xxx.yyy.xxx.66:80 SYN **S*****  10 
Oct  4 18:08:51 202.103.237.30:25414 -> xxx.yyy.xxx.67:80 SYN **S*****  11
Oct  4 18:08:51 202.103.237.30:64165 -> xxx.yyy.xxx.68:80 SYN **S*****  12
Oct  4 18:08:53 202.103.237.30:64167 -> xxx.yyy.xxx.69:80 SYN **S*****  13
Oct  4 18:08:53 202.103.237.30:64168 -> xxx.yyy.xxx.70:80 SYN **S*****  14
Oct  4 18:08:53 202.103.237.30:64169 -> xxx.yyy.xxx.71:80 SYN **S*****  15
Oct  4 18:08:51 202.103.237.30:64174 -> xxx.yyy.xxx.73:80 SYN **S*****  16
Oct  4 18:08:51 202.103.237.30:64184 -> xxx.yyy.xxx.82:80 SYN **S*****  17
Oct  4 18:08:51 202.103.237.30:25465 -> xxx.yyy.xxx.86:80 SYN **S*****  18
Oct  4 18:08:54 202.103.237.30:25414 -> xxx.yyy.xxx.67:80 SYN **S*****  19 
Oct  4 18:08:54 202.103.237.30:25465 -> xxx.yyy.xxx.86:80 SYN **S*****  20



Now, notice the 'packet time' of packets 1-3.  Line one is at :16, line 2 is
:17 and then line three is :16 again?

Lines 10-20:  Again the time isn't sequential.  


Now I might be crazy, but that just doesn't seem 'normal/right'.  Questions,
Comments and Suggestions are welcome!

Has anyone else seen this?  Or have I managed to make a complete fool out of
myself? 

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
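
Added example, not part of the original post and not Snort's own code: a small Python check that parses log lines in the format quoted above and reports every entry whose timestamp is older than one already logged earlier in the file. The function names and the `year` parameter are assumptions (the log format carries no year).

```python
import re
from datetime import datetime

# Sample input: lines 1-3 and 10-13 of the log quoted in the post,
# with the hand-added line-number column dropped.
SAMPLE = """\
Oct  3 02:12:16 202.103.237.30:35784 -> xxx.yyy.xxx.66:80 SYN **S*****
Oct  3 02:12:17 202.103.237.30:36385 -> xxx.yyy.xxx.71:80 SYN **S*****
Oct  3 02:12:16 202.103.237.30:36384 -> xxx.yyy.xxx.70:80 SYN **S*****
Oct  4 18:08:54 202.103.237.30:25412 -> xxx.yyy.xxx.66:80 SYN **S*****
Oct  4 18:08:51 202.103.237.30:25414 -> xxx.yyy.xxx.67:80 SYN **S*****
Oct  4 18:08:51 202.103.237.30:64165 -> xxx.yyy.xxx.68:80 SYN **S*****
Oct  4 18:08:53 202.103.237.30:64167 -> xxx.yyy.xxx.69:80 SYN **S*****
"""

# timestamp, src:port -> dst:port, scan type, TCP flag string
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<kind>\S+) (?P<flags>\S+)"
)

def parse(text, year=2000):
    """Yield (line_no, timestamp, fields) for each line matching the format."""
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unrelated lines
        # The log has no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield n, ts, m.groupdict()

def out_of_order(text, year=2000):
    """Return (line_no, seconds_behind) for every entry older than the
    newest timestamp already seen in file order."""
    hits, newest = [], None
    for n, ts, _ in parse(text, year):
        if newest is not None and ts < newest:
            hits.append((n, int((newest - ts).total_seconds())))
        else:
            newest = ts
    return hits

if __name__ == "__main__":
    for n, lag in out_of_order(SAMPLE):
        print(f"line {n}: {lag}s behind the newest timestamp already logged")
```

Line numbers in the output are positions within the sample, so sample lines 4-7 correspond to lines 10-13 of the post.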



