[Snort-users] snort -r output (Absent until 29/07/2002)

twig les twigles at ...131...
Mon Apr 21 13:43:08 EDT 2003


This is an English-language list.

--- Pascal Painparay <pascal.painparay at ...8874...> wrote:
> I am away until 21/04/03 inclusive.
> In case of emergency, you can contact:
>   Christophe Savin at 01 49 15 32 75.
> 
> Regards
> Pascal Painparay
> 
> >>> twigles 04/21/03 19:50 >>>
> 
> There is no quick and easy way to know the significance of a hex
> value in a packet dump without spending a lot of time looking at
> them.  To learn about them get the Stephen Northcutt book
> "Network Intrusion Detection, Third Edition".  As for the
> "........" you see, not everything can be translated into ASCII
> because not everything is ASCII.  Hmmm, that sounds cryptic.
> Basically if a bit is flipped because the TCP session is
> established or something, then there is no alpha-numeric output,
> it is just a value represented in hex.
> 
> If you don't want to cough up the cash for the book you can just
> start looking around the net for IP, TCP, UDP and ICMP packet
> formats.
> 
> --- Tay Chee Yong <tcy at ...8934...> wrote:
> > Hi list,
> > 
> > I am pretty new to snort, and I would like to find out how do
> > I decode the snort -r output?  Could anyone tell me what does hex
> > value stand for, and why are there "......."?
> > 
> > Basically, I am trying to find out the patterns of the
> > packets, so that I
> > can match by the content in my rules.
> > 
> > 04/21-16:02:57.719998 210.24.246.13:62764 -> 203.120.90.33:53
> > UDP TTL:124 TOS:0x0 ID:31492 IpLen:20 DgmLen:70
> > Len: 42
> > 01 62 01 00 00 01 00 00 00 00 00 00 09 4D 41 52  .b...........MAR
> > 4B 45 54 49 4E 47 07 61 6C 63 6F 74 65 63 00 00  KETING.alcotec..
> > 01 00 01 00 00 00 00 00 00 00                    ..........
> > 
> > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> > 
> > Appreciate any advice.
> > 
> > Thanks.
> > 
> > Cheeyong
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> =====
> -----------------------------------------------------------
> Know yourself and know your enemy and you will never fear
> defeat.         
> -----------------------------------------------------------
> 
> 


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------
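
Added example, not part of the original thread: the quoted dump is sent to UDP port 53, so this sketch decodes its payload as a DNS query (RFC 1035 header and question layout) and renders the question name as a Snort content pattern. The function names are hypothetical, and the seven zero bytes after the question are counted but not interpreted.

```python
import struct

# Payload bytes copied from the "snort -r" dump quoted in the thread.
DUMP_HEX = """
01 62 01 00 00 01 00 00 00 00 00 00 09 4D 41 52
4B 45 54 49 4E 47 07 61 6C 63 6F 74 65 63 00 00
01 00 01 00 00 00 00 00 00 00
"""
PAYLOAD = bytes.fromhex(DUMP_HEX)

def ascii_column(data):
    """Snort's right-hand column: printable ASCII as-is, anything else '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)

def snort_content(data):
    """Render bytes as a Snort content pattern: text as-is, the rest as |hex|."""
    out, in_hex = "", False
    for b in data:
        text = bytes([b]).isalnum()
        if text:
            out += ("|" if in_hex else "") + chr(b)
        else:
            out += (" " if in_hex else "|") + "%02X" % b
        in_hex = not text
    return out + ("|" if in_hex else "")

def parse_dns_query(payload):
    """Decode the 12-byte DNS header and first question (RFC 1035 layout)."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("QNAME runs past the end of the payload")
        length = payload[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1
        if length == 0:  # zero-length root label ends the name
            break
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return {"id": txid, "is_query": not flags & 0x8000, "rd": bool(flags & 0x0100),
            "qdcount": qdcount, "qname": ".".join(labels), "qtype": qtype,
            "qclass": qclass, "content": snort_content(payload[12:pos]),
            "trailing": len(payload) - pos - 4}

if __name__ == "__main__":
    print(ascii_column(PAYLOAD[:16]))
    print(parse_dns_query(PAYLOAD))
```

The bytes 09 and 07 that show up as "." in the ASCII column are the DNS label lengths, which is why the pattern has to carry them as hex rather than as a literal dot.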
