Honeypots mailing list archives

honeyd logs

From: "Mauricio Smythe" <msmythe () inf utfsm cl>
Date: Tue, 27 Jan 2004 11:53:03 -0600

Hi All,
Can you sayme please what is the difference beeewn this honeyd logs:

1)    2004-01-16-13:23:14.0175 tcp(6) S xx.xx.xx.xx 32770 yy.yy.yy.yy 80
2)    2004-01-16-13:23:14.0869 tcp(6) E xx.xx.xx.xx 32770 yy.yy.yy.yy 80: 0
0

3)    2004-01-16-14:10:47.0133 tcp(6) -  aa.aa.aa.aa 1025 bb.bb.bb.bb 1133:
40 RA

In 1) what that mean the "S"
In 2) what that mean the "E" and why its ends whith 80: 0  0, different than
the fist one
In 3) what that mean the "-" and the 40 RA

Thanks in advance

Current thread:

honeyd logs Mauricio Smythe (Jan 27)
- Re: honeyd logs Thomas Jones (Jan 28)
  - Re: honeyd logs Niels Provos (Jan 28)