Snort mailing list archives

Previous By Date Next
Previous By Thread Next

playback and udp

From: Greg Sarsons <gsarsons () istop com>
Date: 17 Nov 2001 14:14:12 -0500
Is it possible when during playback specifying udp as the tfc type that
the destination udp port be empty?

Why?  Well I have a script the parses the playback and when I look at
inbound udp traffic at a point on the network the totals traffic by port
there is and entry for ' '

The output should be 
<port number>  <hits>  <total octets>

For some reason inbound traffic going to a subnet I see

   110657 113557672
67 852 384811
etc

if I do the same thing with outbound

21 22 2074
25 60 2040
etc

or even tcp outbound 

1 9 432
20 1 48

I'm stumped so I guess it there anything that could make a udp packet
have not port or appear to have no port defined.

Greg






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: