Snort mailing list archives

What is this I see?


From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Tue, 11 Sep 2012 09:40:53 +0530

Can someone help me out? What is this that I see when Snort starts
"commencing packet processing":

S5: Session exceeded configured max bytes to queue 1048576 using 1049442
bytes (server queue). 172.16.100.107 61937 --> 180.190.148.148 80 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126802 bytes (stale/timeout).
172.16.4.155 1087 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x65e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049767
bytes (client queue). 172.16.5.144 1304 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125451 bytes (closed
normally). 172.16.5.144 1304 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Pruned session from cache that was using 1124810 bytes (stale/timeout).
172.16.4.165 1040 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Pruned session from cache that was using 1128510 bytes (stale/timeout).
172.16.105.13 1132 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags
0x65e007
S5: Pruned session from cache that was using 1122890 bytes (stale/timeout).
172.16.4.166 1066 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Pruned session from cache that was using 1127508 bytes (stale/timeout).
172.16.1.122 1039 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x65e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048622
bytes (client queue). 172.16.100.231 60670 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126006 bytes (closed
normally). 172.16.100.231 60670 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048628
bytes (client queue). 172.16.100.231 65349 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1144168 bytes (stale/timeout).
172.16.100.231 65349 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags
0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049249
bytes (client queue). 172.16.100.113 1743 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125953 bytes (closed
normally). 172.16.100.113 1743 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049060
bytes (client queue). 172.16.100.231 54741 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126376 bytes (stale/timeout).
172.16.100.231 54741 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags
0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049006
bytes (client queue). 172.16.100.231 57288 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126254 bytes (closed
normally). 172.16.100.231 57288 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048736
bytes (client queue). 172.16.100.231 58937 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1146044 bytes (stale/timeout).
172.16.100.231 58937 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags
0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049374
bytes (client queue). 172.16.100.231 60610 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126486 bytes (stale/timeout).
172.16.100.231 60610 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags
0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1048952
bytes (client queue). 172.16.100.231 62333 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126132 bytes (stale/timeout).
172.16.100.231 62333 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags
0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1048946
bytes (client queue). 172.16.44.53 1312 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049107
bytes (client queue). 172.16.4.177 1116 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049195
bytes (client queue). 172.16.5.185 1089 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1136895 bytes (closed
normally). 172.16.4.177 1116 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Pruned session from cache that was using 1127327 bytes (closed
normally). 172.16.5.185 1089 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049205
bytes (client queue). 172.16.4.82 1048 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125501 bytes (closed
normally). 172.16.4.82 1048 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048732
bytes (client queue). 172.16.4.183 1083 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049149
bytes (client queue). 172.16.5.170 1133 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1117965 bytes (closed
normally). 172.16.5.170 1133 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049751
bytes (client queue). 172.16.5.217 1063 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1119179 bytes (closed
normally). 172.16.5.217 1063 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049466
bytes (client queue). 172.16.1.46 1101 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1118010 bytes (closed
normally). 172.16.1.46 1101 --> 172.16.100.223 8014 (0) : LWstate 0x9
LWFlags 0x60e007
S5: Pruned session from cache that was using 1118986 bytes (stale/timeout).
172.16.44.53 1312 --> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049556
bytes (client queue). 172.16.2.25 1332 --> 172.16.100.223 8014 (0) :
LWstate 0x9 LWFlags 0x406007


Thanks...