[Snort-users] packets

cristal_ball at ...2470... cristal_ball at ...2470...
Mon May 12 01:11:07 EDT 2003


Hi all
I was finally able to install snort and snortsnarf on my machine.

I run snort with this command:
snort -d -l ../log -c ../etc/snort.conf

What I get is:

[**] SMTP HELO overflow attempt [**]
05/10-21:51:08.170228 12.238.244.xxx:4147 -> 217.141.xxx.xxx:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:51
***AP*** Seq: 0xDE85D08A  Ack: 0xB8A2FDC1  Win: 0xF98E  TcpLen: 20
48 45 4C 4F 20 31 32 2D 32 33 38                 HELO 12-238


Am I logging only the header?
If yes, is there a way not to?

Thanks in advance
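
An added example, not part of the original post: a check that compares the payload size implied by a log entry's header fields with the number of bytes in its hex dump. It assumes DgmLen is the IP total length and IpLen and TcpLen are the IP and TCP header lengths; `payload_check` is a hypothetical helper name.

```python
import re

# Constructed sample: the log entry quoted in the post (addresses masked as posted).
ENTRY = """\
[**] SMTP HELO overflow attempt [**]
05/10-21:51:08.170228 12.238.244.xxx:4147 -> 217.141.xxx.xxx:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:51
***AP*** Seq: 0xDE85D08A  Ack: 0xB8A2FDC1  Win: 0xF98E  TcpLen: 20
48 45 4C 4F 20 31 32 2D 32 33 38                 HELO 12-238
"""

# Length fields printed in the decoded header lines.
FIELD = re.compile(r"\b(IpLen|DgmLen|TcpLen):\s*(\d+)")
# Hex column of a dump row: up to 16 "XX " pairs at the start of a line.
HEX_ROW = re.compile(r"^(?:[0-9A-Fa-f]{2} ){1,16}", re.M)


def payload_check(entry):
    """Compare the payload size implied by the headers with the dumped bytes."""
    fields = {name: int(value) for name, value in FIELD.findall(entry)}
    # Assumption: payload = IP total length - IP header - TCP header.
    expected = fields["DgmLen"] - fields["IpLen"] - fields["TcpLen"]
    dumped = bytes.fromhex("".join(m.group(0) for m in HEX_ROW.finditer(entry)))
    return {
        "expected": expected,        # bytes the packet carried
        "dumped": len(dumped),       # bytes present in the log entry
        "payload": dumped,
        "complete": expected == len(dumped),
    }


if __name__ == "__main__":
    result = payload_check(ENTRY)
    print(result)
```

For the quoted entry both counts are 11, so the dump holds the whole payload of that one packet; the rest of the SMTP line would have travelled in later TCP segments.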




