Re: snort -r output (Absent jusqu'au 29/07/2002)

[twig les <twigles () yahoo com>]

Dit is een engeltalige lijst.

--- Pascal Painparay <pascal.painparay () tdf fr> wrote:
> Je suis absent jusqu'au 21/04/03 inclus. 
> En cas d'urgence, Vous pouvez contacter :
>   Christophe Savin au 01 49 15 32 75.
>
> Cdt
> Pascal Painparay
>
> > > > twigles 04/21/03 19:50 >>>
>
> There is no quick and easy way to know the signifigance of a
> hex
> value in a packet dump without spending a lot of time looking
> at
> them.  To learn about them get the Stephen Northcutt book
> "Network Intrusion Detection, Third Edition".  As for the
> "........" you see, not everything can be translated into
> ASCII
> because not everything is ASCII.  Hmmm, that sounds cryptic. 
> Basically if a bit is flipped because the TCP session is
> established or something, then there is no alpha-numeric
> output,
> it is just a value represented in hex.
>
> If you don't want to cough up the cash for the book you can
> just
> start looking around the net for IP, TCP, UDP and ICMP packet
> formats.
>
> --- Tay Chee Yong <tcy () pacific net sg> wrote:
> > Hi list,
> >
> > I am pretty new to snort, and i would like to find out how
> do
> > I decode the
> > snort -r output?  Could anyone tell me what does hex value
> > stand for, and
> > why are there "......."?
> >
> > Basically, I am trying to find out the patterns of the
> > packets, so that I
> > can match by the content in my rules.
> >
> > 04/21-16:02:57.719998 210.24.246.13:62764 ->
> 203.120.90.33:53
> > UDP TTL:124 TOS:0x0 ID:31492 IpLen:20 DgmLen:70
> > Len: 42
> > 01 62 01 00 00 01 00 00 00 00 00 00 09 4D 41 52 
> > .b...........MAR
> > 4B 45 54 49 4E 47 07 61 6C 63 6F 74 65 63 00 00 
> > KETING.alcotec..
> > 01 00 01 00 00 00 00 00 00 00                    ..........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> > Appreciate any advise.
> >
> > Thanks.
> >
> > Cheeyong
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> =====
> -----------------------------------------------------------
> Know yourself and know your enemy and you will never fear
> defeat.         
> -----------------------------------------------------------
>
> __________________________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo
> http://search.yahoo.com
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users