[Snort-users] Strange scan

Michael Schwartzkopff misch at ...4627...
Mon Jan 21 04:31:06 EST 2002


Hi,

I have been getting some strange scans for some weeks now. The scans would not 
stop, so I decided to investigate further and set up tcpdump. Please see the 
attached file. Can someone please help me explain the aim of this scan?
There are some strange things in this scan:

1) The scan originates from a private IP address, but it is a TCP SYN scan. So 
the scanner wants an answer, but this should be difficult using a private 
source address on the Internet.

2) If he wants to get the answer, he should be located somewhere close to 
our net to catch the answer of our system. But the TTL of 241 tells me that he 
is most probably 14 hops (255 - 241) away. That seems to be far for an answer 
to a private IP address.

3) Can somebody explain what OS runs with those characteristics?

Thanks for any help.


-- 
Dr. Michael Schwartzkopff
Multinet GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 50
Fax: (+49 89) 456 911 21
-------------- next part --------------
03:30:19.268588 192.168.50.36.62991 > xxx.xxx.138.34.514: S [tcp sum ok] 881097828:881097828(0) win 8760 <mss 1460> (DF) (ttl 241, id 29781, len 44)
03:30:20.508588 192.168.50.36.63664 > xxx.xxx.138.40.514: S [tcp sum ok] 922269788:922269788(0) win 8760 <mss 1460> (DF) (ttl 241, id 30831, len 44)
03:30:20.508588 192.168.50.36.63665 > xxx.xxx.138.41.514: S [tcp sum ok] 922357787:922357787(0) win 8760 <mss 1460> (DF) (ttl 241, id 30831, len 44)
03:30:20.508588 192.168.50.36.63666 > xxx.xxx.138.42.514: S [tcp sum ok] 922443496:922443496(0) win 8760 <mss 1460> (DF) (ttl 241, id 30831, len 44)
03:30:20.508588 192.168.50.36.63667 > xxx.xxx.138.43.514: S [tcp sum ok] 922473973:922473973(0) win 8760 <mss 1460> (DF) (ttl 241, id 30831, len 44)
03:30:20.508588 192.168.50.36.63668 > xxx.xxx.138.44.514: S [tcp sum ok] 922552163:922552163(0) win 8760 <mss 1460> (DF) (ttl 241, id 30831, len 44)
03:30:20.508588 192.168.50.36.63669 > xxx.xxx.138.45.514: S [tcp sum ok] 922659072:922659072(0) win 8760 <mss 1460> (DF) (ttl 241, id 30841, len 44)
03:30:20.508588 192.168.50.36.63670 > xxx.xxx.138.46.514: S [tcp sum ok] 922692062:922692062(0) win 8760 <mss 1460> (DF) (ttl 241, id 30841, len 44)
03:30:20.508588 192.168.50.36.63671 > xxx.xxx.138.47.514: S [tcp sum ok] 922782710:922782710(0) win 8760 <mss 1460> (DF) (ttl 241, id 30841, len 44)
03:30:22.768588 192.168.50.36.62991 > xxx.xxx.138.34.514: S [tcp sum ok] 881097828:881097828(0) win 8760 <mss 1460> (DF) (ttl 241, id 29782, len 44)
03:30:23.808588 192.168.50.36.63668 > xxx.xxx.138.44.514: S [tcp sum ok] 922552163:922552163(0) win 8760 <mss 1460> (DF) (ttl 241, id 30832, len 44)
03:30:23.808588 192.168.50.36.63665 > xxx.xxx.138.41.514: S [tcp sum ok] 922357787:922357787(0) win 8760 <mss 1460> (DF) (ttl 241, id 30832, len 44)
03:30:23.808588 192.168.50.36.63667 > xxx.xxx.138.43.514: S [tcp sum ok] 922473973:922473973(0) win 8760 <mss 1460> (DF) (ttl 241, id 30832, len 44)
03:30:23.818588 192.168.50.36.63664 > xxx.xxx.138.40.514: S [tcp sum ok] 922269788:922269788(0) win 8760 <mss 1460> (DF) (ttl 241, id 30832, len 44)
03:30:23.818588 192.168.50.36.63666 > xxx.xxx.138.42.514: S [tcp sum ok] 922443496:922443496(0) win 8760 <mss 1460> (DF) (ttl 241, id 30832, len 44)
03:30:23.828588 192.168.50.36.63671 > xxx.xxx.138.47.514: S [tcp sum ok] 922782710:922782710(0) win 8760 <mss 1460> (DF) (ttl 241, id 30842, len 44)
03:30:23.828588 192.168.50.36.63670 > xxx.xxx.138.46.514: S [tcp sum ok] 922692062:922692062(0) win 8760 <mss 1460> (DF) (ttl 241, id 30842, len 44)
03:30:23.828588 192.168.50.36.63669 > xxx.xxx.138.45.514: S [tcp sum ok] 922659072:922659072(0) win 8760 <mss 1460> (DF) (ttl 241, id 30842, len 44)
03:30:24.248588 192.168.50.36.62991 > xxx.xxx.138.34.514: R [tcp sum ok] 881097829:881097829(0) win 8760 (DF) (ttl 241, id 29783, len 40)
03:30:24.248588 192.168.50.36.63664 > xxx.xxx.138.40.514: R [tcp sum ok] 922269789:922269789(0) win 8760 (DF) (ttl 241, id 30833, len 40)
03:30:24.248588 192.168.50.36.63665 > xxx.xxx.138.41.514: R [tcp sum ok] 922357788:922357788(0) win 8760 (DF) (ttl 241, id 30833, len 40)
03:30:24.248588 192.168.50.36.63668 > xxx.xxx.138.44.514: R [tcp sum ok] 922552164:922552164(0) win 8760 (DF) (ttl 241, id 30833, len 40)
03:30:24.248588 192.168.50.36.63666 > xxx.xxx.138.42.514: R [tcp sum ok] 922443497:922443497(0) win 8760 (DF) (ttl 241, id 30833, len 40)
03:30:24.248588 192.168.50.36.63667 > xxx.xxx.138.43.514: R [tcp sum ok] 922473974:922473974(0) win 8760 (DF) (ttl 241, id 30833, len 40)
03:30:24.248588 192.168.50.36.63670 > xxx.xxx.138.46.514: R [tcp sum ok] 922692063:922692063(0) win 8760 (DF) (ttl 241, id 30843, len 40)
03:30:24.268588 192.168.50.36.63671 > xxx.xxx.138.47.514: R [tcp sum ok] 922782711:922782711(0) win 8760 (DF) (ttl 241, id 30843, len 40)
03:30:24.268588 192.168.50.36.63669 > xxx.xxx.138.45.514: R [tcp sum ok] 922659073:922659073(0) win 8760 (DF) (ttl 241, id 30843, len 40)
04:58:18.988588 192.168.50.36.51171 > xxx.xxx.138.34.514: S [tcp sum ok] 2769096303:2769096303(0) win 8760 <mss 1460> (DF) (ttl 241, id 505, len 44)
04:58:18.988588 192.168.50.36.51177 > xxx.xxx.138.40.514: S [tcp sum ok] 2769543192:2769543192(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:18.988588 192.168.50.36.51179 > xxx.xxx.138.42.514: S [tcp sum ok] 2769682462:2769682462(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:18.988588 192.168.50.36.51180 > xxx.xxx.138.43.514: S [tcp sum ok] 2769745170:2769745170(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:18.988588 192.168.50.36.51178 > xxx.xxx.138.41.514: S [tcp sum ok] 2769603371:2769603371(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:19.008588 192.168.50.36.51181 > xxx.xxx.138.44.514: S [tcp sum ok] 2769861938:2769861938(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:19.008588 192.168.50.36.51182 > xxx.xxx.138.45.514: S [tcp sum ok] 2769926476:2769926476(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:19.008588 192.168.50.36.51183 > xxx.xxx.138.46.514: S [tcp sum ok] 2769927675:2769927675(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:19.008588 192.168.50.36.51184 > xxx.xxx.138.47.514: S [tcp sum ok] 2770045717:2770045717(0) win 8760 <mss 1460> (DF) (ttl 241, id 515, len 44)
04:58:22.478588 192.168.50.36.51171 > xxx.xxx.138.34.514: S [tcp sum ok] 2769096303:2769096303(0) win 8760 <mss 1460> (DF) (ttl 241, id 506, len 44)
04:58:22.488588 192.168.50.36.51184 > xxx.xxx.138.47.514: S [tcp sum ok] 2770045717:2770045717(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.498588 192.168.50.36.51183 > xxx.xxx.138.46.514: S [tcp sum ok] 2769927675:2769927675(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.498588 192.168.50.36.51181 > xxx.xxx.138.44.514: S [tcp sum ok] 2769861938:2769861938(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.498588 192.168.50.36.51182 > xxx.xxx.138.45.514: S [tcp sum ok] 2769926476:2769926476(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.498588 192.168.50.36.51178 > xxx.xxx.138.41.514: S [tcp sum ok] 2769603371:2769603371(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.498588 192.168.50.36.51180 > xxx.xxx.138.43.514: S [tcp sum ok] 2769745170:2769745170(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.508588 192.168.50.36.51177 > xxx.xxx.138.40.514: S [tcp sum ok] 2769543192:2769543192(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.508588 192.168.50.36.51179 > xxx.xxx.138.42.514: S [tcp sum ok] 2769682462:2769682462(0) win 8760 <mss 1460> (DF) (ttl 241, id 516, len 44)
04:58:22.808588 192.168.50.36.51171 > xxx.xxx.138.34.514: R [tcp sum ok] 2769096304:2769096304(0) win 8760 (DF) (ttl 241, id 507, len 40)
04:58:22.808588 192.168.50.36.51177 > xxx.xxx.138.40.514: R [tcp sum ok] 2769543193:2769543193(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51178 > xxx.xxx.138.41.514: R [tcp sum ok] 2769603372:2769603372(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51181 > xxx.xxx.138.44.514: R [tcp sum ok] 2769861939:2769861939(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51179 > xxx.xxx.138.42.514: R [tcp sum ok] 2769682463:2769682463(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51180 > xxx.xxx.138.43.514: R [tcp sum ok] 2769745171:2769745171(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51183 > xxx.xxx.138.46.514: R [tcp sum ok] 2769927676:2769927676(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51182 > xxx.xxx.138.45.514: R [tcp sum ok] 2769926477:2769926477(0) win 8760 (DF) (ttl 241, id 517, len 40)
04:58:22.808588 192.168.50.36.51184 > xxx.xxx.138.47.514: R [tcp sum ok] 2770045718:2770045718(0) win 8760 (DF) (ttl 241, id 517, len 40)
09:11:40.818588 192.168.50.36.44676 > xxx.xxx.138.34.514: S [tcp sum ok] 412121304:412121304(0) win 8760 <mss 1460> (DF) (ttl 241, id 61869, len 44)
09:11:40.818588 192.168.50.36.44682 > xxx.xxx.138.40.514: S [tcp sum ok] 412513486:412513486(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.818588 192.168.50.36.44684 > xxx.xxx.138.42.514: S [tcp sum ok] 412641066:412641066(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.818588 192.168.50.36.44683 > xxx.xxx.138.41.514: S [tcp sum ok] 412574971:412574971(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.818588 192.168.50.36.44685 > xxx.xxx.138.43.514: S [tcp sum ok] 412675414:412675414(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.818588 192.168.50.36.44686 > xxx.xxx.138.44.514: S [tcp sum ok] 412701268:412701268(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.828588 192.168.50.36.44687 > xxx.xxx.138.45.514: S [tcp sum ok] 412709639:412709639(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.828588 192.168.50.36.44688 > xxx.xxx.138.46.514: S [tcp sum ok] 412798778:412798778(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:40.828588 192.168.50.36.44689 > xxx.xxx.138.47.514: S [tcp sum ok] 412810166:412810166(0) win 8760 <mss 1460> (DF) (ttl 241, id 61879, len 44)
09:11:44.308588 192.168.50.36.44676 > xxx.xxx.138.34.514: S [tcp sum ok] 412121304:412121304(0) win 8760 <mss 1460> (DF) (ttl 241, id 61870, len 44)
09:11:44.318588 192.168.50.36.44689 > xxx.xxx.138.47.514: S [tcp sum ok] 412810166:412810166(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44688 > xxx.xxx.138.46.514: S [tcp sum ok] 412798778:412798778(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44686 > xxx.xxx.138.44.514: S [tcp sum ok] 412701268:412701268(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44687 > xxx.xxx.138.45.514: S [tcp sum ok] 412709639:412709639(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44683 > xxx.xxx.138.41.514: S [tcp sum ok] 412574971:412574971(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44685 > xxx.xxx.138.43.514: S [tcp sum ok] 412675414:412675414(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44682 > xxx.xxx.138.40.514: S [tcp sum ok] 412513486:412513486(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.328588 192.168.50.36.44684 > xxx.xxx.138.42.514: S [tcp sum ok] 412641066:412641066(0) win 8760 <mss 1460> (DF) (ttl 241, id 61880, len 44)
09:11:44.528588 192.168.50.36.44676 > xxx.xxx.138.34.514: R [tcp sum ok] 412121305:412121305(0) win 8760 (DF) (ttl 241, id 61871, len 40)
09:11:44.538588 192.168.50.36.44682 > xxx.xxx.138.40.514: R [tcp sum ok] 412513487:412513487(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44683 > xxx.xxx.138.41.514: R [tcp sum ok] 412574972:412574972(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44684 > xxx.xxx.138.42.514: R [tcp sum ok] 412641067:412641067(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44686 > xxx.xxx.138.44.514: R [tcp sum ok] 412701269:412701269(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44685 > xxx.xxx.138.43.514: R [tcp sum ok] 412675415:412675415(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44688 > xxx.xxx.138.46.514: R [tcp sum ok] 412798779:412798779(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44689 > xxx.xxx.138.47.514: R [tcp sum ok] 412810167:412810167(0) win 8760 (DF) (ttl 241, id 61881, len 40)
09:11:44.538588 192.168.50.36.44687 > xxx.xxx.138.45.514: R [tcp sum ok] 412709640:412709640(0) win 8760 (DF) (ttl 241, id 61881, len 40)
17:00:06.908588 192.168.50.36.54045 > xxx.xxx.138.34.514: S [tcp sum ok] 645673603:645673603(0) win 8760 <mss 1460> (DF) (ttl 241, id 49985, len 44)
17:00:06.918588 192.168.50.36.54051 > xxx.xxx.138.40.514: S [tcp sum ok] 645952441:645952441(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.918588 192.168.50.36.54052 > xxx.xxx.138.41.514: S [tcp sum ok] 645984080:645984080(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.918588 192.168.50.36.54053 > xxx.xxx.138.42.514: S [tcp sum ok] 646046585:646046585(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.918588 192.168.50.36.54054 > xxx.xxx.138.43.514: S [tcp sum ok] 646123959:646123959(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.918588 192.168.50.36.54057 > xxx.xxx.138.46.514: S [tcp sum ok] 646332629:646332629(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.918588 192.168.50.36.54055 > xxx.xxx.138.44.514: S [tcp sum ok] 646199019:646199019(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.918588 192.168.50.36.54058 > xxx.xxx.138.47.514: S [tcp sum ok] 646339243:646339243(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:06.928588 192.168.50.36.54056 > xxx.xxx.138.45.514: S [tcp sum ok] 646226516:646226516(0) win 8760 <mss 1460> (DF) (ttl 241, id 49995, len 44)
17:00:10.378588 192.168.50.36.54045 > xxx.xxx.138.34.514: R [tcp sum ok] 645673604:645673604(0) win 8760 (DF) (ttl 241, id 49986, len 40)
17:00:10.378588 192.168.50.36.54051 > xxx.xxx.138.40.514: R [tcp sum ok] 645952442:645952442(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54052 > xxx.xxx.138.41.514: R [tcp sum ok] 645984081:645984081(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54053 > xxx.xxx.138.42.514: R [tcp sum ok] 646046586:646046586(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54055 > xxx.xxx.138.44.514: R [tcp sum ok] 646199020:646199020(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54054 > xxx.xxx.138.43.514: R [tcp sum ok] 646123960:646123960(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54057 > xxx.xxx.138.46.514: R [tcp sum ok] 646332630:646332630(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54056 > xxx.xxx.138.45.514: R [tcp sum ok] 646226517:646226517(0) win 8760 (DF) (ttl 241, id 49996, len 40)
17:00:10.388588 192.168.50.36.54058 > xxx.xxx.138.47.514: R [tcp sum ok] 646339244:646339244(0) win 8760 (DF) (ttl 241, id 49996, len 40)
04:19:15.189801 192.168.50.36.38781 > xxx.xxx.138.34.111: S [tcp sum ok] 38378037:38378037(0) win 8760 <mss 1460> (DF) (ttl 241, id 49085, len 44)
04:19:15.189801 192.168.50.36.38787 > xxx.xxx.138.40.111: S [tcp sum ok] 38851751:38851751(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.189801 192.168.50.36.38788 > xxx.xxx.138.41.111: S [tcp sum ok] 38949425:38949425(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.189801 192.168.50.36.38789 > xxx.xxx.138.42.111: S [tcp sum ok] 38965545:38965545(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.199801 192.168.50.36.38790 > xxx.xxx.138.43.111: S [tcp sum ok] 39027369:39027369(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.199801 192.168.50.36.38791 > xxx.xxx.138.44.111: S [tcp sum ok] 39067089:39067089(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.199801 192.168.50.36.38792 > xxx.xxx.138.45.111: S [tcp sum ok] 39098528:39098528(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.199801 192.168.50.36.38793 > xxx.xxx.138.46.111: S [tcp sum ok] 39117922:39117922(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:15.199801 192.168.50.36.38794 > xxx.xxx.138.47.111: S [tcp sum ok] 39233594:39233594(0) win 8760 <mss 1460> (DF) (ttl 241, id 49095, len 44)
04:19:17.789801 192.168.50.36.38781 > xxx.xxx.138.34.111: R [tcp sum ok] 38378038:38378038(0) win 8760 (DF) (ttl 241, id 49086, len 40)
04:19:18.689801 192.168.50.36.38794 > xxx.xxx.138.47.111: S [tcp sum ok] 39233594:39233594(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.689801 192.168.50.36.38793 > xxx.xxx.138.46.111: S [tcp sum ok] 39117922:39117922(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.699801 192.168.50.36.38791 > xxx.xxx.138.44.111: S [tcp sum ok] 39067089:39067089(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.699801 192.168.50.36.38792 > xxx.xxx.138.45.111: S [tcp sum ok] 39098528:39098528(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.699801 192.168.50.36.38788 > xxx.xxx.138.41.111: S [tcp sum ok] 38949425:38949425(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.699801 192.168.50.36.38790 > xxx.xxx.138.43.111: S [tcp sum ok] 39027369:39027369(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.699801 192.168.50.36.38787 > xxx.xxx.138.40.111: S [tcp sum ok] 38851751:38851751(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:18.699801 192.168.50.36.38789 > xxx.xxx.138.42.111: S [tcp sum ok] 38965545:38965545(0) win 8760 <mss 1460> (DF) (ttl 241, id 49096, len 44)
04:19:19.009801 192.168.50.36.38787 > xxx.xxx.138.40.111: R [tcp sum ok] 38851752:38851752(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38788 > xxx.xxx.138.41.111: R [tcp sum ok] 38949426:38949426(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38791 > xxx.xxx.138.44.111: R [tcp sum ok] 39067090:39067090(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38789 > xxx.xxx.138.42.111: R [tcp sum ok] 38965546:38965546(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38790 > xxx.xxx.138.43.111: R [tcp sum ok] 39027370:39027370(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38793 > xxx.xxx.138.46.111: R [tcp sum ok] 39117923:39117923(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38794 > xxx.xxx.138.47.111: R [tcp sum ok] 39233595:39233595(0) win 8760 (DF) (ttl 241, id 49097, len 40)
04:19:19.009801 192.168.50.36.38792 > xxx.xxx.138.45.111: R [tcp sum ok] 39098529:39098529(0) win 8760 (DF) (ttl 241, id 49097, len 40)
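
Added example, not part of the original message or its attachment: a Python sketch that parses tcpdump lines in the format of the capture above and reports, per flow, the points raised in the post (private source address, hop estimate from the TTL, and the order of flags seen). The function names are hypothetical, and the hop estimate assumes the sender started from the nearest common initial TTL (32, 64, 128 or 255), which is a heuristic.

```python
import ipaddress
import re
from collections import defaultdict

# Six lines copied from the capture above: two flows, each SYN, SYN, RST.
SAMPLE = """\
03:30:19.268588 192.168.50.36.62991 > xxx.xxx.138.34.514: S [tcp sum ok] 881097828:881097828(0) win 8760 <mss 1460> (DF) (ttl 241, id 29781, len 44)
03:30:20.508588 192.168.50.36.63664 > xxx.xxx.138.40.514: S [tcp sum ok] 922269788:922269788(0) win 8760 <mss 1460> (DF) (ttl 241, id 30831, len 44)
03:30:22.768588 192.168.50.36.62991 > xxx.xxx.138.34.514: S [tcp sum ok] 881097828:881097828(0) win 8760 <mss 1460> (DF) (ttl 241, id 29782, len 44)
03:30:23.818588 192.168.50.36.63664 > xxx.xxx.138.40.514: S [tcp sum ok] 922269788:922269788(0) win 8760 <mss 1460> (DF) (ttl 241, id 30832, len 44)
03:30:24.248588 192.168.50.36.62991 > xxx.xxx.138.34.514: R [tcp sum ok] 881097829:881097829(0) win 8760 (DF) (ttl 241, id 29783, len 40)
03:30:24.248588 192.168.50.36.63664 > xxx.xxx.138.40.514: R [tcp sum ok] 922269789:922269789(0) win 8760 (DF) (ttl 241, id 30833, len 40)
"""

# Matches the verbose tcpdump text format used in the attachment.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flag>[SRFP.]+) .*? (?P<seq>\d+):\d+\(\d+\) win (?P<win>\d+)"
    r".*\(ttl (?P<ttl>\d+), id (?P<ipid>\d+), len (?P<len>\d+)\)"
)

def parse(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def hop_estimate(ttl, initial_ttls=(32, 64, 128, 255)):
    """Assumption: the sender used the smallest common initial TTL >= observed."""
    start = min(t for t in initial_ttls if t >= ttl)
    return start, start - ttl

def summarize(text):
    """Group packets by (src, sport, dst, dport) and describe each flow."""
    flows = defaultdict(list)
    for p in parse(text):
        flows[(p["src"], p["sport"], p["dst"], p["dport"])].append(p)
    report = []
    for (src, sport, dst, dport), pkts in flows.items():
        syn_seqs = {int(p["seq"]) for p in pkts if p["flag"] == "S"}
        rst_seqs = {int(p["seq"]) for p in pkts if p["flag"] == "R"}
        start, hops = hop_estimate(int(pkts[0]["ttl"]))
        report.append({
            "flow": f"{src}:{sport} -> {dst}:{dport}",
            "private_src": ipaddress.ip_address(src).is_private,
            "flags": "".join(p["flag"] for p in pkts),  # order as captured
            "syn_retransmits": max(0, sum(p["flag"] == "S" for p in pkts) - 1),
            # True when every RST carries a sequence number of SYN seq + 1
            "rst_is_isn_plus_1": bool(rst_seqs)
            and all(r - 1 in syn_seqs for r in rst_seqs),
            "assumed_initial_ttl": start,
            "hops": hops,
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```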