[Snort-users] Where or how to interpret this

./ dotslash at ...1760...
Sat Apr 7 12:56:27 EDT 2001


Right.  I've converted my snort log (snort -r ) and got this among other
things.  I just want to know how (or where) I can interpret this:

04/07-19:33:15.831746 xx.xx.xx.xx -> yy.yy.yy.yy
ICMP TTL:128 TOS:0x0 ID:58635 IpLen:20 DgmLen:56
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
yy.yy.yy.yy:53 -> xx.xx.xx.xx:17418
UDP TTL:239 TOS:0x0 ID:63931 IpLen:20 DgmLen:158
Len: 138
** END OF DUMP

where xx = internal and yy = external.



--
"The circumstances of ones birth are irrelevant.
It is what you do with the gift of life that 
determines who you are."  -- MewTwo





More information about the Snort-users mailing list