[Snort-users] Missing port number in alert file.

SW s.wun at ...6605...
Wed Aug 14 22:32:06 EDT 2002


I dont' know why there is no port number shown in the alert file when there
is a Frag attach, ( for example a Teardrop attack).
Here is a sample alert msg:

[**] [113:2:1] spp_frag2: Teardrop attack [**]
08/13/02-02:02:45.980187 100.12.12.12 -> 192.168.1.2
UDP TTL:64 TOS:0x0 ID:242 IpLen:20 DgmLen:24
Frag Offset: 0x0003   Frag Size: 0x0001

Port number is missing in the second line of this msg.
Is this a bug of Snort?

Thanks
Sam







More information about the Snort-users mailing list