Snort mailing list archives
RE: help
From: "Chapman, Justin T" <JtChapma () bhi-erc com>
Date: Thu, 10 Apr 2003 14:28:08 -0700
I think it goes [<sensorID>:<signatureID>:<signatureRevision>]

-----Original Message-----
From: li wei [mailto:kkndguy () hotmail com]
Sent: Wednesday, April 09, 2003 2:59 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] help

Hi, all!

I use snort-1.9.1 in openbsd3.3. When I read the alert file, I found something like this:

    [**] [1:615:3] SCAN SOCKS Proxy attempt [**]
    [Classification: Attempted Information Leak] [Priority: 2]
    04/09-11:11:10.440280 192.168.2.101:20 -> 192.168.2.145:1080
    TCP TTL:128 TOS:0x0 ID:55820 IpLen:20 DgmLen:48 DF
    ******S* Seq: 0xA62138F7 Ack: 0x0 Win: 0xFAF0 TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK
    [Xref => url help.undernet.org/proxyscan/]

What does "[1:615:3]" mean in the message? There is a string like that in every message. So, what does the string mean?

All the best,
kkndguy
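An added example, not part of the original thread: a small Python parser for the full-mode alert block quoted in the question. It follows Snort's documented layout, in which the bracketed triple is generator ID, signature ID and revision (gid:sid:rev); the function names, the dict keys and the embedded sample are constructed here, and the blank-line separation between alerts is an assumption about the alert file.

```python
import re

# Constructed sample: the alert quoted in the thread, one field group per line.
SAMPLE_ALERT = """\
[**] [1:615:3] SCAN SOCKS Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/09-11:11:10.440280 192.168.2.101:20 -> 192.168.2.145:1080
TCP TTL:128 TOS:0x0 ID:55820 IpLen:20 DgmLen:48 DF
******S* Seq: 0xA62138F7 Ack: 0x0 Win: 0xFAF0 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
[Xref => url help.undernet.org/proxyscan/]
"""

HEADER = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]")
CLASSIFICATION = re.compile(r"\[Classification:\s*([^\]]+)\]")
PRIORITY = re.compile(r"\[Priority:\s*(\d+)\]")
FLOW = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+->\s+(\S+)", re.M)
PROTO = re.compile(r"^(TCP|UDP|ICMP)\s+TTL:(\d+)", re.M)

def split_endpoint(endpoint):
    """Split 'ip:port'; ICMP alerts carry no port, so return None for it."""
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (endpoint, None)

def parse_alert(block):
    """Parse one full-mode alert block into a dict; ValueError if no header."""
    header = HEADER.search(block)
    if header is None:
        raise ValueError("no '[**] [gid:sid:rev] msg [**]' header in block")
    alert = {"gid": int(header.group(1)), "sid": int(header.group(2)),
             "rev": int(header.group(3)), "msg": header.group(4)}
    if (m := CLASSIFICATION.search(block)):
        alert["classification"] = m.group(1).strip()
    if (m := PRIORITY.search(block)):
        alert["priority"] = int(m.group(1))
    if (m := FLOW.search(block)):
        alert["timestamp"] = m.group(1)
        alert["src"], alert["dst"] = split_endpoint(m.group(2)), split_endpoint(m.group(3))
    if (m := PROTO.search(block)):
        alert["proto"], alert["ttl"] = m.group(1), int(m.group(2))
    return alert

def parse_alert_file(text):
    """Assumes alerts are separated by blank lines; skips blocks with no header."""
    blocks = [b for b in re.split(r"\n\s*\n", text) if HEADER.search(b)]
    return [parse_alert(b) for b in blocks]

if __name__ == "__main__":
    print(parse_alert(SAMPLE_ALERT))
```

Grouping the parsed alerts by the (gid, sid) pair gives a quick count of which rules fire most often, independent of rule revision.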