[Snort-users] Some odd traffic.

Matt Linton mlinton at ...10499...
Fri Dec 12 09:02:14 EST 2003


Has anyone seen traffic like this before?  It's a little bit odd to see 
TCP port 0 -> Port 0 across the router. Especially with A and R flags, no?

[**] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**]
12/11-16:28:18.618241 192.168.20.81:0 -> 10.0.2.5:0
TCP TTL:128 TOS:0x0 ID:18920 IpLen:20 DgmLen:136
*2UA*R** Seq: 0x12502710  Ack: 0x103C225  Win: 0xF437  TcpLen: 12  
UrgPtr: 0xFFFF

-- 
+---------------------------------------------------
| Regards;
| Matt Linton
| UNIX Systems Administrator
| ASANI Solutions, LLC.
+---------------------------------------------------
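
Added example, not part of the original post: a Python check that decodes a raw TCP header and reports the same anomalies the alert shows (data offset below 5, port 0, an urgent pointer beyond the segment). The function names are hypothetical, and the sample segment is constructed from the values printed in the alert, with the checksum and payload zero-filled as placeholders.

```python
import struct

TCP_MIN_DOFF = 5  # RFC 793: data offset is in 32-bit words; 5 words = 20-byte header
# Bit order matches the flag string in the Snort alert: 1 2 U A P R S F
FLAG_BITS = [(0x80, "1"), (0x40, "2"), (0x20, "U"), (0x10, "A"),
             (0x08, "P"), (0x04, "R"), (0x02, "S"), (0x01, "F")]


def flag_string(flags):
    """Render the flags byte the way the alert does, '*' for a clear bit."""
    return "".join(ch if flags & bit else "*" for bit, ch in FLAG_BITS)


def check_tcp_header(segment):
    """Return (fields, findings) for a raw TCP segment (IP header already removed)."""
    if len(segment) < 20:
        return None, ["truncated TCP header"]
    sport, dport, seq, ack, off, flags, win, _csum, urp = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    doff = off >> 4  # upper nibble of byte 12 is the data offset
    fields = dict(sport=sport, dport=dport, seq=seq, ack=ack, doff=doff,
                  flags=flags, win=win, urp=urp)
    findings = []
    if doff < TCP_MIN_DOFF:
        findings.append("data offset %d < 5 (header claims %d bytes)" % (doff, doff * 4))
    elif doff * 4 > len(segment):
        findings.append("data offset runs past end of segment")
    if sport == 0 or dport == 0:
        findings.append("port 0 in use")
    # Measured against the 20-byte fixed header, since the offset may be bogus
    if flags & 0x20 and urp > len(segment) - 20:
        findings.append("urgent pointer past end of segment")
    return fields, findings


# Constructed sample: field values taken from the alert; checksum and payload are
# placeholders (zeros). Segment length = DgmLen 136 - IpLen 20 = 116 bytes.
SAMPLE = struct.pack("!HHIIBBHHH", 0, 0, 0x12502710, 0x0103C225,
                     3 << 4, 0x74, 0xF437, 0, 0xFFFF).ljust(116, b"\x00")

if __name__ == "__main__":
    fields, findings = check_tcp_header(SAMPLE)
    print(flag_string(fields["flags"]), findings)
```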




