Snort mailing list archives

pop: Unknown POP3 response/command


From: Matteo De Rosa <matteo.derosa () enea it>
Date: Tue, 12 Jan 2016 13:39:59 +0100

I have similar alerts for POP and IMAP:

[snort] pop: Unknown POP3 response      protocol-command-decode 523(0%) 1       1       30
[snort] pop: Unknown POP3 command       protocol-command-decode 941(0%) 1       45      1
[snort] imap: Unknown IMAP4 command     protocol-command-decode 450(0%) 1       19      1


The decoding methods specified in snort.conf are:

# POP preprocessor. For more information see README.pop
preprocessor pop: \
   ports { 110 } \
   b64_decode_depth 0 \
   qp_decode_depth 0 \
   bitenc_decode_depth 0 \
   uu_decode_depth 0

# IMAP preprocessor.  For more information see README.imap
preprocessor imap: \
   ports { 143 } \
   b64_decode_depth 0 \
   qp_decode_depth 0 \
   bitenc_decode_depth 0 \
   uu_decode_depth 0

All are related to the single ENEA mail server and a lot of ENEA clients.

How can I get the entire session in a pcap? By BASE? And how?

Many thanks for the collaboration.


