[Snort-users] MISC same SRC/DST == broadcast to broadcast

Tom Sevy tsevy at ...1701...
Tue Jan 29 06:15:07 EST 2002


I've had Snort/Mysql/Acid running since August 2001, and have never seen
this before.  I am very very curious as to how a packet shows up on the
External side of our FW with a source and destination of 255.255.255.255  --
I would first suspect a misconfigured ip device, but nothing new has been
introduced and no changes have been made in the last week or so.

If anyone can shed any light on this I would appreciate it.

Generated by ACID v0.9.6b13 on Tue January 29, 2002 09:10:03

----------------------------------------------------------------------------
--
#(1 - 169464) [2002-01-28 19:50:53]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
      hlen=5 TOS=0 dlen=500 ID=27749 flags=0 offset=0 TTL=50 chksum=6821
ICMP: type=Echo Request code=0
      checksum=63487 id=0 seq=0
Payload:  length = 472

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1d0 : 00 00 00 00 00 00 00 00                           ........
----------------------------------------------------------------------------
--
#(1 - 169465) [2002-01-28 19:50:53]  MISC same SRC/DST
IPv4: 255.255.255.255 -> 255.255.255.255
      hlen=5 TOS=0 dlen=500 ID=27750 flags=0 offset=0 TTL=49 chksum=7076
ICMP: type=Echo Request code=0
      checksum=63487 id=0 seq=0
Payload:  length = 472

000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
1d0 : 00 00 00 00 00 00 00 00                           ........




More information about the Snort-users mailing list