Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Anyone seen this before - contains html

From: Dan Ferris <dferris () maad com>
Date: Thu, 28 Aug 2003 10:21:00 -0600

ID #    Time    Triggered Signature
3 - 248826 2003-08-27 12:56:35 [snort <http://www.snort.org/snort-db/sid.html?sid=46>] (snort_decoder) WARNING: TCP Header length exceeds packet length! 

Sensor  name    interface       filter
eth1 /none/ 
Alert
Group /none/ 
IP
source addr dest addr Ver Hdr Len TOS length ID flags offset TTL chksum 

        <http://199.45.236.4/acid/acid_stat_ipaddr.php?ip=199.45.236.10&netmask=32>   4       5       0       40      
11306   0       0       109     49842

FQDN    Source Name     Dest. Name

        

Options             /none /

CP      
source
port    dest
 port           R
1       R
0       U
R
G       A
C
K       P
S
H       R
S
T       S
Y
N       F
I
N       seq #   ack     offset  res     window  urp     chksum
29396 <http://www.snort.org/ports.html?port=29396> 80 <http://www.snort.org/ports.html?port=80> 
        X       X       
        X       X       
        X       98015812        3705565293      7       0       28781   28781   10261


Anyone know what program generated this?  This isn't nmap is it?



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: