Snort mailing list archives
Missing port number in alert file.
From: "SW" <s.wun () thales-is com hk>
Date: Thu, 15 Aug 2002 13:30:11 +0800
I dont' know why there is no port number shown in the alert file when there is a Frag attach, ( for example a Teardrop attack). Here is a sample alert msg: [**] [113:2:1] spp_frag2: Teardrop attack [**] 08/13/02-02:02:45.980187 100.12.12.12 -> 192.168.1.2 UDP TTL:64 TOS:0x0 ID:242 IpLen:20 DgmLen:24 Frag Offset: 0x0003 Frag Size: 0x0001 Port number is missing in the second line of this msg. Is this a bug of Snort? Thanks Sam ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flex Resp Problems Owen Creger (Aug 14)
- Missing port number in alert file. SW (Aug 14)
- Re: Missing port number in alert file. Matt Kettler (Aug 15)
- Re: Flex Resp Problems Jeff Nathan (Aug 15)
- Missing port number in alert file. SW (Aug 14)