[Snort-users] Win98 on reboot

Thorin thorinoakenshield at ...422...
Mon Mar 12 01:18:02 EST 2001


Lance,

That would be ICMP Router Discovery.

Microsoft TCP/IP supports Internet Control Message Protocol (ICMP) Router
Discovery, described in RFC 1256 <http://www.ietf.org/rfc/rfc1256.txt>. ICMP
Router Discovery enables hosts attached to broadcast networks to learn IP
addresses of neighboring routers.

Hope that helps...


----- Original Message -----
From: "Lance Spitzner" <lance at ...185...>
To: "Snort-Users (E-mail)" <snort-users at lists.sourceforge.net>
Sent: Monday, March 12, 2001 00:11
Subject: [Snort-users] Win98 on reboot


> Rebooted Win98 desktop on my network, snort captured and
> alerted to the following.  What is my Win98 desktop trying
> to do? No packet payload in the ICMP packets :-0
>
> [**] ICMP Router Selection [**]
> 03/11-22:51:40.761942 192.168.1.100 -> 224.0.0.2
> ICMP TTL:128 TOS:0x0 ID:0 IpLen:20 DgmLen:28
> Type:10  Code:0  UNKNOWN
>
> [**] ICMP Router Selection [**]
> 03/11-22:51:43.769400 192.168.1.100 -> 224.0.0.2
> ICMP TTL:128 TOS:0x0 ID:1792 IpLen:20 DgmLen:28
> Type:10  Code:0  UNKNOWN
>
> [**] ICMP Router Selection [**]
> 03/11-22:51:46.788874 192.168.1.100 -> 224.0.0.2
> ICMP TTL:128 TOS:0x0 ID:3584 IpLen:20 DgmLen:28
> Type:10  Code:0  UNKNOWN
>
> --
> Lance Spitzner
> http://project.honeynet.org
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users





More information about the Snort-users mailing list