Snort mailing list archives
RE: snoop output contradicts with snort database
From: "Jeff Jennings" <jjennings () zoominternet net>
Date: Sat, 9 Feb 2002 19:57:53 -0500
There's always 'format c:' if the beer doesn't work.. :-)

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Gongya Yu
Sent: Saturday, February 09, 2002 5:15 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snoop output contradicts with snort database

Hi, all:

I have a win2k box compromised. After I boot up that box, I use snoop to find that it sends lots of packets to remote machines on port 80 from random local ports. I set up a snort box to plug in to an Oracle database. When I query the tcphdr table, I found tcp_sport contains port 80, while tcp_dport contains random ports. Any suggestions?

Gongya Yu
=================================