Snort mailing list archives

no payload on ppp0


From: Jochen Vogel <jvogel () it-sec de>
Date: Fri, 24 Oct 2003 10:57:39 +0200

hi,

i use redhat9 with iptables and pppoe.

i start snort with /usr/local/bin/snort -c /etc/snort/snort.conf -d -D
and log the unified log file with barnyard into mysql and to dump.log

if i use eth1 i can see payload
[**] [1:407:4] ICMP Destination Unreachable (Undefined Code!) [**]
[Classification: Misc activity] [Priority: 3]
Event ID: 2     Event Reference: 2
10/24/03-10:56:53.873905 194.9.167.200 -> 192.168.63.1
ICMP TTL:52 TOS:0xC4 ID:47986 IpLen:20 DgmLen:74
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
00 00 00 00 45 84 00 2E 27 D3 00 00 74 11 B4 EC  ....E...'...t...
C0 A8 3F 01 C2 09 A7 C8 0C 40 12 39 00 1A 6A 61  ..?......@.9..ja
E3 9A 5F 74 52 6D 93 CB 93 75 0E 52 26 1A 4F C6  .._tRm...u.R&.O.
CC 73                                            .s
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


if i use ppp0 i can't see payload
[**] [1:409:4] ICMP Echo Reply (Undefined Code!) [**]
[Classification: Misc activity] [Priority: 3]
Event ID: 48     Event Reference: 48
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

thx for help
jo

