Snort mailing list archives

PGP GNUTella GET from mailserver to outside port 25


From: JJ <jjhorner () SAFe-mail net>
Date: Thu, 28 Aug 2003 15:28:25 -0400

I've got a mailserver which is connecting to an external machine's port 25 (not strange), but the traffic that snort
reports flags the above rule (GET ...).  I've captured this traffic using ethereal, but I cannot see the "GET" string
anywhere in the traffic.  A lot of the HTTP/1.1 type information is missing in Ethereal.  The HTTP/1.1 negotiation
stuff is in the snort logs.

What's going on?  Why are snort and ethereal reporting two different things?  I've looked at specific packets and
matched by sequence numbers and still the payloads don't match.

I'm really confused, please help.

---------------------
J. J. Horner
CISSP,CCNA,CHSS,CHP



