Snort mailing list archives
MISC same SRC/DST == broadcast to broadcast
From: Tom Sevy <tsevy () epx com>
Date: Tue, 29 Jan 2002 09:13:59 -0500
I've had Snort/Mysql/Acid running since August 2001, and have never seen this before. I am very very curious as to how a packet shows up on the External side of our FW with a source and destination of 255.255.255.255 -- I would first suspect a misconfigured ip device, but nothing new has been introduced and no changes have been made in the last week or so. If anyone can shed any light on this I would appreciate it. Generated by ACID v0.9.6b13 on Tue January 29, 2002 09:10:03 ---------------------------------------------------------------------------- -- #(1 - 169464) [2002-01-28 19:50:53] MISC same SRC/DST IPv4: 255.255.255.255 -> 255.255.255.255 hlen=5 TOS=0 dlen=500 ID=27749 flags=0 offset=0 TTL=50 chksum=6821 ICMP: type=Echo Request code=0 checksum=63487 id=0 seq=0 Payload: length = 472 000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1d0 : 00 00 00 00 00 00 00 00 ........ ---------------------------------------------------------------------------- -- #(1 - 169465) [2002-01-28 19:50:53] MISC same SRC/DST IPv4: 255.255.255.255 -> 255.255.255.255 hlen=5 TOS=0 dlen=500 ID=27750 flags=0 offset=0 TTL=49 chksum=7076 ICMP: type=Echo Request code=0 checksum=63487 id=0 seq=0 Payload: length = 472 000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 1d0 : 00 00 00 00 00 00 00 00 ........ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- MISC same SRC/DST == broadcast to broadcast Tom Sevy (Jan 29)