[Snort-users] Question, probably really simple, but a question nonetheless
kjsmith at ...13166...
Fri Oct 7 13:13:25 EDT 2005
Thanks for getting back to me. Yeah, that information did help a little,
it just has to sink in. Anyway, here is the pcap (hopefully it will be
there) from Ethereal that I pulled out of the tcpdump logs. I filtered
out packets just from this source. Also, I don't know if this will help
you identify the reason for all the 0 addresses, but here is how we have
Snort set up. It is an odd configuration, but this is how they wanted it
done. Anyway, the box is only getting traffic that would normally go
nowhere or no reply, such as a bad web address, a down server, etc. That
is all the information Snort is going to get. I realize that is taking
a lot of power out of what Snort can do, but my hands were tied for
that decision. Anyway, hopefully you can find something out of it.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 45700 bytes
Desc: not available