[Snort-users] snoop output contradicts with snort database

Jeff Jennings jjennings at ...4832...
Sat Feb 9 17:00:03 EST 2002


There's always 'format c:' if the beer doesn't work..
 
:-)
 
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Gongya Yu
Sent: Saturday, February 09, 2002 5:15 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snoop output contradicts with snort database
 
Hi, all:
    I have a win2k box compromised. After I boot up that box, I use
snoop to find that it sends lots of packets to remote machines on
port 80 from random local ports. I set up a snort box to plug in to an
Oracle database. When I query the tcphdr table, I found tcp_sport
contains port 80, while tcp_dport contains random ports.
Any suggestions?
Gongya Yu
 
=================================
 