Snort mailing list archives

Re: Question, probably really simple, but a question nonetheless


From: Kevin Smith <kjsmith () tm net>
Date: Fri, 07 Oct 2005 16:12:04 -0400

Alex,

Thanks for getting back to me. Yeah, that information did help a little; it just has to sink in. Anyway, here is the pcap (hopefully it will be there) from Ethereal that I pulled out of the tcpdump logs. I filtered out packets just from this source. Also, I don't know if this will help you identify the reason for all the 0 addresses, but here is how we have snort set up. It is an odd configuration, but this is how they wanted it done. Anyway, the box is only getting traffic that would normally go nowhere or no reply, such as a bad web address, a down server, etc.; that is all the information snort is going to get. I realize that is taking a lot of power out of what snort can do, but my hands were tied for that decision. Anyway, hopefully you can find something out of it.

Thanks again,
Kevin

Attachment: pcaplist