Snort mailing list archives
PGP GNUTella GET from mailserver to outside port 25
From: JJ <jjhorner () SAFe-mail net>
Date: Thu, 28 Aug 2003 15:28:25 -0400
I've got a mailserver which is connecting to an external machine's port 25 (not strange), but the traffic that snort reports flags the above rule (GET ...). I've captured this traffic using ethereal, but I cannot see the "GET" string anywhere in the traffic. A lot of the HTTP/1.1 type information is missing in Ethereal. The HTTP/1.1 negotiation stuff is in the snort logs.

What's going on? Why are snort and ethereal reporting two different things? I've looked at specific packets and matched by sequence numbers and still the payloads don't match. I'm really confused, please help.

---------------------
J. J. Horner
CISSP,CCNA,CHSS,CHP