Snort mailing list archives

Events with no packet data


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 08 Jul 2014 11:07:01 -0600

Interesting...from the u2 file:

(Event)
         sensor id: 0    event id: 1888  event second: 1404838420        event microsecond: 303235
         sig id: 2015622 gen id: 1       revision: 1      classification: 21
         priority: 1     ip source: x.x.x.x ip destination: x.x.x.x
         src port: 80    dest port: 49211        protocol: 6     impact_flag: 0  blocked: 0

(ExtraDataHdr)
         event type: 4   event length: 38

(ExtraData)
         sensor id: 0    event id: 1888  event second: 1404838420
         type: 9 datatype: 1     bloblength: 14  HTTP URI: /index

(ExtraDataHdr)
         event type: 4   event length: 56

(ExtraData)
         sensor id: 0    event id: 1888  event second: 1404838420
         type: 10        datatype: 1     bloblength: 32  HTTP Hostname: www.favfamilyrecipes.com

And that's it...this shows up as src/dst 0.0.0.0 in my sguil console.
Is there a way to figure out exactly when the packet information wasn't
included?  Thanks.

James
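One way to answer the question in the post is to walk the unified2 file record by record and flag any event that never gets a UNIFIED2_PACKET record. The script below is an added example written for this archive page, not code from the thread or from the Snort project. It assumes the dump above came from a UNIFIED2_IDS_EVENT_V2 record (the impact_flag and blocked fields suggest that layout), it uses the record type constants from Snort's Unified2_common.h, and the sample file it parses is constructed inline: event 1888 mirrors the dump (with documentation IPs in place of the redacted x.x.x.x), and event 1889 is a made-up counterexample that does carry a packet.

```python
import socket
import struct

# Unified2 record types, as defined in Snort's Unified2_common.h
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_V2 = 104
UNIFIED2_IDS_EVENT_IPV6_V2 = 105
UNIFIED2_EXTRA_DATA = 110
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_V2, UNIFIED2_IDS_EVENT_IPV6_V2}

# Extra-data type codes that appear in the dump above
EXTRA_TYPE_NAMES = {9: "HTTP URI", 10: "HTTP Hostname"}


def iter_records(data):
    """Yield (record_type, payload) for every record in a unified2 byte string.

    Each record starts with Serial_Unified2_Header: type and length, both
    unsigned 32-bit in network byte order; length covers the payload only.
    """
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, off)
        off += 8
        if off + rlen > len(data):
            raise ValueError("truncated unified2 record at offset %d" % (off - 8))
        yield rtype, data[off:off + rlen]
        off += rlen


def scan_unified2(data):
    """Group records by (sensor id, event id, event second).

    Snort ties packet and extra-data records to their event with those three
    fields, so an entry whose "packet" flag is still False at the end of the
    file had no UNIFIED2_PACKET record written for it.
    """
    events = {}

    def entry(sensor_id, event_id, event_second):
        return events.setdefault((sensor_id, event_id, event_second),
                                 {"sig_id": None, "packet": False, "extra": []})

    for rtype, payload in iter_records(data):
        if rtype in EVENT_TYPES:
            # All event layouts share the leading fields:
            # sensor_id, event_id, event_second, event_microsecond, signature_id
            sensor_id, event_id, event_second, _usec, sig_id = struct.unpack_from("!5I", payload, 0)
            entry(sensor_id, event_id, event_second)["sig_id"] = sig_id
        elif rtype == UNIFIED2_PACKET:
            # Serial_Unified2Packet also starts with sensor_id, event_id, event_second
            sensor_id, event_id, event_second = struct.unpack_from("!3I", payload, 0)
            entry(sensor_id, event_id, event_second)["packet"] = True
        elif rtype == UNIFIED2_EXTRA_DATA:
            # Unified2ExtraDataHdr (event_type, event_length: 8 bytes) precedes
            # SerialUnified2ExtraData (6 x u32) and then the blob. blob_length
            # also counts the type and data_type fields, hence the "- 8".
            sensor_id, event_id, event_second, xtype, _dtype, blob_len = struct.unpack_from("!6I", payload, 8)
            blob = payload[32:32 + blob_len - 8]
            name = EXTRA_TYPE_NAMES.get(xtype, "type %d" % xtype)
            entry(sensor_id, event_id, event_second)["extra"].append(
                (name, blob.decode("utf-8", "replace")))
    return events


def events_without_packets(data):
    """Return only the events that have no packet record attached."""
    return {k: v for k, v in scan_unified2(data).items() if not v["packet"]}


# --- Constructed sample file (not real capture data) -----------------------

def _ip(s):
    return struct.unpack("!I", socket.inet_aton(s))[0]


def build_event_v2(sensor_id, event_id, event_second, usec, sig_id, gen_id, rev,
                   cls, pri, src, dst, sport, dport, proto):
    """Serialise a 60-byte UNIFIED2_IDS_EVENT_V2 (IPv4) record."""
    body = struct.pack("!11IHHBBBBIHH", sensor_id, event_id, event_second, usec,
                       sig_id, gen_id, rev, cls, pri, src, dst, sport, dport,
                       proto, 0, 0, 0,   # impact_flag, impact, blocked
                       0, 0, 0)          # mpls_label, vlanId, pad2
    return struct.pack("!II", UNIFIED2_IDS_EVENT_V2, len(body)) + body


def build_extra(sensor_id, event_id, event_second, xtype, blob):
    """Serialise a UNIFIED2_EXTRA_DATA record carrying one blob (data_type 1)."""
    inner = struct.pack("!6I", sensor_id, event_id, event_second, xtype, 1, 8 + len(blob)) + blob
    hdr = struct.pack("!II", 4, 8 + len(inner))  # event_type 4, event_length
    body = hdr + inner
    return struct.pack("!II", UNIFIED2_EXTRA_DATA, len(body)) + body


def build_packet(sensor_id, event_id, event_second, pkt):
    """Serialise a UNIFIED2_PACKET record (linktype 1 = Ethernet)."""
    body = struct.pack("!7I", sensor_id, event_id, event_second,
                       event_second, 0, 1, len(pkt)) + pkt
    return struct.pack("!II", UNIFIED2_PACKET, len(body)) + body


# Event 1888 mirrors the dump above (documentation IPs stand in for the
# redacted ones): event plus two extra-data records, no packet.
# Event 1889 is a constructed counterexample that does carry a packet record.
SAMPLE_U2 = (
    build_event_v2(0, 1888, 1404838420, 303235, 2015622, 1, 1, 21, 1,
                   _ip("192.0.2.10"), _ip("198.51.100.7"), 80, 49211, 6)
    + build_extra(0, 1888, 1404838420, 9, b"/index")
    + build_extra(0, 1888, 1404838420, 10, b"www.favfamilyrecipes.com")
    + build_event_v2(0, 1889, 1404838421, 1000, 2015622, 1, 1, 21, 1,
                     _ip("192.0.2.10"), _ip("198.51.100.8"), 80, 49212, 6)
    + build_packet(0, 1889, 1404838421, b"\x00" * 60)
)

if __name__ == "__main__":
    for key, ev in events_without_packets(SAMPLE_U2).items():
        print("no packet record for (sensor, event, second) %s sig %s extra %s"
              % (key, ev["sig_id"], ev["extra"]))
```

Against a real spool file, replace SAMPLE_U2 with the contents of the file (for example `open("snort.u2.1404838420", "rb").read()`); the extra-data records produced here come out with the same record and event lengths as the dump (38 and 56 bytes), which is a quick way to check the layout assumptions against your own files.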

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net