[Snort-users] HOW TO DECODE SNORT MESSAGES

suresh bsuresh1976 at ...125...
Wed Nov 29 03:59:48 EST 2006


Hi,

Is there any way on the internet to decode the below messages?

v 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 last message repeated 3 times

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [122:19:0] (portscan) UDP
Portsweep {PROTO255} 66.114.175.16 -> 192.168.252.129

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1949 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1949 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1949 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 last message repeated 3 times

Nov 29 08:55:59 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:59 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:59 HOME-sj-

Suresh
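
The alerts quoted above use Snort's syslog layout: timestamp, sensor host, snort[pid], [generator ID:signature ID:revision], the rule message, {protocol}, then source -> destination. The Python parser below is an added example, not part of the original post or of Snort; it decodes those fields from an excerpt of the log above, rejoins the lines the mail client wrapped, and folds syslog's "last message repeated" lines into a count. The function names and the two-entry generator table are assumptions made for this example.

```python
import re

# Excerpt of the log quoted in the post, with the mail client's line wrapping kept.
SAMPLE = """\
Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80
investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80
Nov 29 08:55:58 HOME-sj-ids-int01 last message repeated 3 times
Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [122:19:0] (portscan) UDP
Portsweep {PROTO255} 66.114.175.16 -> 192.168.252.129
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
ALERT = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)$")
REPEAT = re.compile(r"last message repeated (\d+) times$")
# Only the generator IDs present in the sample; any other GID decodes as "unknown".
GENERATORS = {1: "Snort rules engine", 122: "sfPortscan preprocessor"}

def unwrap(text):
    """Rejoin wrapped records: a line with no syslog timestamp continues the previous one."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def endpoint(value):
    """Split 'ip:port' (IPv4 assumed); portscan alerts carry no port, so port is None."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep else (value, None)

def decode(text):
    """Return one dict per alert, with 'count' including syslog-suppressed repeats."""
    alerts, last = [], None
    for record in unwrap(text):
        rep = REPEAT.search(record)
        if rep:  # refers to the record immediately before it
            if last:
                last["count"] += int(rep.group(1))
            continue
        m, last = ALERT.search(record), None
        if m:
            last = {k: int(v) if k in ("gid", "sid", "rev") else v for k, v in m.groupdict().items()}
            last.update(count=1, generator=GENERATORS.get(last["gid"], "unknown"),
                        src=endpoint(last["src"]), dst=endpoint(last["dst"]))
            alerts.append(last)
    return alerts
```
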
