Snort mailing list archives

RE: Icmp Ping


From: "Lucretia Enterprises" <info () lucretia ca>
Date: Fri, 19 Mar 2004 09:02:00 -0700

http://www.ntop.org/

James Friesen
CIO
Lucretia Enterprises
info at lucretia dot ca
http://www.lucretia.ca/


:> Jerry Shenk sighed and wrote::
:> 
:> 
:> > Was that traffic originating from one of your boxes or coming in?
:> > I'd
:> 
:> The traffic is coming into the box and not out.  But reading the
:> links above, if the traffic is coming into the box and that the
:> traffic is actually a PONG (and not a PING), then does that mean
:> it's actually responding to a Ping originating from within the
:> network?  Or did I misunderstand the last link?  I had trouble
:> understanding it and only kinda guessed the meaning.
:> 
:> > give the related box a serious check.  First thought was a back door
:> > but then the question is, "Why be so obvious?"  How long a period of
:> > time did this traffic involve?  Is it still going on?
:> >
:> 
:> It's still going on.  And now, I've got another different ICMP
:> response with a payload of :-
:> 
:> 000 : 37 FF 01 00 00 00 0B B8 00 03 D5 EB 4E EA B8 2D   7...........N..-
:> 010 : 0E 74 6F 70 2D 36 30 30 31 2D 34 32 30 30 30 00   .top-6001-42000.
:> 020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
:> 030 : 00 00                                             ..
:> 
:> Does anyone recognize this kind of command?
:> 
:> Thanks
:> 
:> Edmund


