[Snort-users] (no subject)

counterping at ...5767... counterping at ...5767...
Tue Jan 7 07:55:02 EST 2003


Hiya,

Can anyone help me with this one ?

How can I tell what type of packet this is ? (RTP, RTCP etc etc)
Are there any tools that can 'decode' the payload like the way SnifferPro 
recognises packet type based on Ports/payloads etc etc ?

This packet keeps hitting my media gateways, but it doesn't look like a media-
treaming- packet to me :

UDP Length 136
SRC Port 63893 DST 17959 
Ver 4Lngth 5
TOS 0
Lenght 156
ID 9635
Flags 0
OffSet 0
TTL 109
Checksum 355 

PAYLOAD
 length = 128

000 : 82 C8 00 12 17 22 16 90 3E 07 98 F1 83 84 20 00   ....."..>..... .
010 : 91 34 49 46 00 00 02 6C 00 00 3A 20 10 8A 06 13   .4IF...l..: ....
020 : 08 00 00 20 00 00 CD C6 00 00 00 66 6C BD CD 5B   ... .......fl..[
030 : 00 01 3C A8 10 8A 26 13 00 00 00 01 00 00 CD 5F   ..<...&........_
040 : 00 00 00 00 00 00 00 00 00 00 00 00 81 CA 00 0C   ................
050 : 17 22 16 90 01 16 41 64 6D 69 6E 69 73 74 72 61   ."....Administra
060 : 74 6F 72 40 4C 41 47 42 41 4A 41 00 02 0E 41 64   tor at ...7934...
070 : 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 00 00   ministrator.....


----------------------------------------------------------
This message was sent using                 http://uk2.net
NEWS - CHEAPEST DEDICATED SERVERS IN THE WORLD -  25/month
FREE UK DIAL 0845 609 1370 - username uk2: - password: uk2
UK's FREE Domains, FREE Dialup, FREE Webdesign, FREE email






More information about the Snort-users mailing list