[Snort-users] playback and udp
gsarsons at ...3971...
Sat Nov 17 11:16:02 EST 2001
Is it possible when during playback specifying udp as the tfc type that
the destination udp port be empty?
Why? Well I have a script the parses the playback and when I look at
inbound udp traffic at a point on the network the totals traffic by port
there is and entry for ' '
The output should be
<port number> <hits> <total octets>
For some reason inbound traffic going to a subnet I see
67 852 384811
if I do the same thing with outbound
21 22 2074
25 60 2040
or even tcp outbound
1 9 432
20 1 48
I'm stumped so I guess it there anything that could make a udp packet
have not port or appear to have no port defined.
More information about the Snort-users