[Snort-users] SRC and DEST ip-address

Henning Bo Andersen hba at ...1193...
Mon Jan 22 16:36:13 EST 2001


Hi

I just compiled snort on my SGI today and snort seems to work besides
that the source and destination addresses always are 255.255.255.255
the ethers are diffrent

snort -v -e
01/22-22:33:21.131396 8:0:20:19:52:A6 -> 8:0:69:5:22:48 type:0x800
len:0x3C
255.255.255.255:32805 -> 255.255.255.255:23 TCP TTL:255 TOS:0x0 ID:45085
IpLen:20 DgmLen:40 DF
***A**** Seq: 0x6F1E7B0D  Ack: 0x79F4AA7C  Win: 0x2238  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/22-22:33:21.131549 8:0:69:5:22:48 -> 8:0:20:19:52:A6 type:0x800
len:0x5E
255.255.255.255:23 -> 255.255.255.255:32805 TCP TTL:60 TOS:0x10 ID:11346
IpLen:20 DgmLen:80 DF
***AP*** Seq: 0x79F4AA7C  Ack: 0x6F1E7B0D  Win: 0xC000  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/22-22:33:21.163906 0:90:AB:81:80:0 -> 8:0:69:5:22:48 type:0x800
len:0x42
0.0.0.0:1492 -> 255.255.255.255:80 TCP TTL:107 TOS:0x1 ID:11546 IpLen:20
DgmLen:52 DF
***A**** Seq: 0x3F9172  Ack: 0x69B5AA69  Win: 0x1F74  TcpLen: 32
TCP Options (3) => NOP NOP TS: 40141 5765135
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

and so on

what am i missing ?

I have installed libpcap-0.6.1 (first i had 0.4 byt same result)

/Henning
--
Henning Bo Andersen     Department of Information and Media science
Systemadministrator        Niels Juelsgade 84, DK-8200 Århus N

Phone: +45 89 42 19 62   GSM:  +45 23 38 23 62
Fax:   +45 89 42 19 52     URL: http://imv.au.dk/~hba






More information about the Snort-users mailing list