[Snort-users] (no subject)

counterping at ...5767... counterping at ...5767...
Tue Jan 7 07:57:11 EST 2003


Hiya,

Can anyone help me with this one ?

How can I tell what type of packet this is ? (RTP, RTCP etc etc)
Are there any tools that can 'decode' the payload like the way SnifferPro 
recognises packet type based on Ports/payloads etc etc ?

This packet keeps hitting my media gateways, but it doesn't look like a media-
streaming- packet to me :

UDP Length 136
SRC Port 63893 DST 17959 
Ver 4  Lngth 5  TOS 0  Lng 156
ID 9635  Flags 0  OffSet 0 
TTL 109  Checksum 355 


PAYLOAD
 length = 128

000 : 82 C8 00 12 17 22 16 90 3E 07 98 F1 83 84 20 00   ....."..>..... .
010 : 91 34 49 46 00 00 02 6C 00 00 3A 20 10 8A 06 13   .4IF...l..: ....
020 : 08 00 00 20 00 00 CD C6 00 00 00 66 6C BD CD 5B   ... .......fl..[
030 : 00 01 3C A8 10 8A 26 13 00 00 00 01 00 00 CD 5F   ..<...&........_
040 : 00 00 00 00 00 00 00 00 00 00 00 00 81 CA 00 0C   ................
050 : 17 22 16 90 01 16 41 64 6D 69 6E 69 73 74 72 61   ."....Administra
060 : 74 6F 72 40 4C 41 47 42 41 4A 41 00 02 0E 41 64   tor at ...7934...
070 : 6D 69 6E 69 73 74 72 61 74 6F 72 00 00 00 00 00   ministrator.....

Any Help would be greatly appreciated !
Cheers
YPnk.


----------------------------------------------------------
This message was sent using                 http://uk2.net
NEWS - CHEAPEST DEDICATED SERVERS IN THE WORLD -  25/month
FREE UK DIAL 0845 609 1370 - username uk2: - password: uk2
UK's FREE Domains, FREE Dialup, FREE Webdesign, FREE email






More information about the Snort-users mailing list