[Snort-users] First thing logged by snort

Jim jkipp5 at ...530...
Fri Mar 16 21:30:05 EST 2001


Hi

I recently got snort up and running.  I just reviewed the snort log
files and found its first entry.
Where can I find info on interpreting the packets that it logs?  Here
is a snippet of what was in this entry:

01/05-15:26:54.896182 0:50:73:1:6C:A8 -> 0:60:8:38:86:FA type:0x800 len:0x6E
216.253.248.140:850 -> 24.40.74.92:111 TCP TTL:44 TOS:0x0 ID:48709  DF
*****PA* Seq: 0x8012565C   Ack: 0x56397446   Win: 0x7D78
TCP Options => NOP NOP TS: 26167343 24687884
80 00 00 28 49 07 FF 27 00 00 00 00 00 00 00 02  ...(I..'........
00 01 86 A0 00 00 00 02 00 00 00 04 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00              ............

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

The other packets look similar.
Also I keep getting the following in my system logs.  It looks like
something logged by ipchains:

Mar 16 21:19:25 jerry kernel: Packet log: input DENY eth0 PROTO=17 202.12.27.33:53 24.40.74.92:64248 L=462 S=0x00 I=36353 F=0x0000 T=44 (#14)
Mar 16 21:19:25 jerry kernel: Packet log: input DENY eth0 PROTO=17 202.12.27.33:53 24.40.74.92:64248 L=462 S=0x00 I=36353 F=0x0000 T=44 (#14)
-------------------------------------

Thanks for any help.

Jim
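
An added example, not part of the post above and not Snort's or ipchains' own code: a small Python decoder for the two log formats Jim quotes. It parses the Snort text-log header line and hex dump (the sample is the entry from the post, copied verbatim and embedded as constructed input), then decodes the payload as an ONC RPC call per RFC 5531 (record mark, XID, message type, program/version/procedure, credentials and verifier) and names portmapper procedures per RFC 1833. It also splits an ipchains "Packet log:" line into its fields (L = total length, S = TOS, I = IP ID, F = fragment word, T = TTL, (#n) = matching rule number). The regexes and the PMAP_PROCS/AUTH_FLAVORS tables are this example's own; the RPC constants are from the RFCs.

```python
"""Decode the Snort text-log entry and the ipchains line quoted in the post."""
import re
import struct

# Constructed sample input: the Snort entry from the post, copied verbatim.
SNORT_ENTRY = """\
01/05-15:26:54.896182 0:50:73:1:6C:A8 -> 0:60:8:38:86:FA type:0x800 len:0x6E
216.253.248.140:850 -> 24.40.74.92:111 TCP TTL:44 TOS:0x0 ID:48709  DF
*****PA* Seq: 0x8012565C   Ack: 0x56397446   Win: 0x7D78
TCP Options => NOP NOP TS: 26167343 24687884
80 00 00 28 49 07 FF 27 00 00 00 00 00 00 00 02  ...(I..'........
00 01 86 A0 00 00 00 02 00 00 00 04 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00              ............
"""
# Constructed sample input: the ipchains line from the post, copied verbatim.
IPCHAINS_ENTRY = ("Mar 16 21:19:25 jerry kernel: Packet log: input DENY eth0 PROTO=17 "
                  "202.12.27.33:53 24.40.74.92:64248 L=462 S=0x00 I=36353 F=0x0000 T=44 (#14)")

IP_LINE = re.compile(r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
                     r"(?P<proto>\w+) TTL:(?P<ttl>\d+) TOS:(?P<tos>0x[0-9A-Fa-f]+) ID:(?P<id>\d+)")
HEX_LINE = re.compile(r"^((?:[0-9A-Fa-f]{2} )+)")   # hex columns before the ASCII gutter
IPCHAINS_LINE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<verdict>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) "
    r"S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<id>\d+) F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+) "
    r"\(#(?P<rule>\d+)\)")

RPC_CALL = 0                       # msg_type values from RFC 5531
PMAP_PROG = 100000                 # portmapper program number (RFC 1833)
PMAP_PROCS = {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"}
AUTH_FLAVORS = {0: "AUTH_NULL", 1: "AUTH_UNIX", 2: "AUTH_SHORT", 3: "AUTH_DES"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_snort_entry(text):
    """Return (header dict, payload bytes) for one Snort text-log entry."""
    header, payload = {}, bytearray()
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            header = m.groupdict()
            header["df"] = line.rstrip().endswith("DF")
            continue
        m = HEX_LINE.match(line)
        if m:
            payload += bytes.fromhex(m.group(1).replace(" ", ""))
    return header, bytes(payload)


def decode_rpc_call(payload, over_tcp=True):
    """Decode an ONC RPC CALL message; raise ValueError if it is not one."""
    off, info = 0, {}
    if over_tcp:
        # Record marking (TCP only): high bit = last fragment, low 31 bits = length.
        (mark,) = struct.unpack_from(">I", payload, off); off += 4
        info["last_fragment"] = bool(mark & 0x80000000)
        info["fragment_len"] = mark & 0x7FFFFFFF
        if info["fragment_len"] != len(payload) - 4:
            raise ValueError("fragment length does not match captured payload")
    xid, msg_type = struct.unpack_from(">II", payload, off); off += 8
    if msg_type != RPC_CALL:
        raise ValueError("not an RPC CALL (msg_type=%d)" % msg_type)
    rpcvers, prog, vers, proc = struct.unpack_from(">IIII", payload, off); off += 16
    info.update(xid=xid, rpcvers=rpcvers, prog=prog, vers=vers, proc=proc)
    # Credentials and verifier are opaque_auth: flavor, length, body padded to 4 bytes.
    for name in ("cred", "verf"):
        flavor, length = struct.unpack_from(">II", payload, off); off += 8
        info[name] = AUTH_FLAVORS.get(flavor, "flavor %d" % flavor)
        off += (length + 3) & ~3
    if prog == PMAP_PROG:
        info["program"] = "portmapper"
        info["procedure"] = PMAP_PROCS.get(proc, "proc %d" % proc)
    info["args"] = payload[off:]   # procedure arguments, empty for a DUMP call
    return info


def parse_ipchains_line(line):
    """Split an ipchains 'Packet log:' line into named fields, or return None."""
    m = IPCHAINS_LINE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["proto_name"] = IP_PROTOS.get(int(d["proto"]), d["proto"])
    return d


if __name__ == "__main__":
    hdr, data = parse_snort_entry(SNORT_ENTRY)
    call = decode_rpc_call(data)
    print("%s:%s -> %s:%s  %s %s call, xid 0x%08X, cred %s" % (
        hdr["src"], hdr["sport"], hdr["dst"], hdr["dport"],
        call.get("program", call["prog"]), call.get("procedure", call["proc"]),
        call["xid"], call["cred"]))
    f = parse_ipchains_line(IPCHAINS_ENTRY)
    print("%s %s %s %s:%s -> %s:%s len %s ttl %s rule #%s" % (
        f["chain"], f["verdict"], f["proto_name"], f["src"], f["sport"],
        f["dst"], f["dport"], f["len"], f["ttl"], f["rule"]))
```

Running it shows the 44 payload bytes are a portmapper DUMP request (program 100000, version 2, procedure 4) with AUTH_NULL credentials, the same call rpcinfo -p sends, and that the ipchains lines are UDP packets from port 53 being dropped on input by rule 14. The fragment-length check in decode_rpc_call is the one you want when feeding it arbitrary captures: a truncated dump fails loudly instead of yielding a half-decoded header.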