Snort
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-users] HOW TO DECODE SNORT MESSAGES

from [suresh] [Permanent Link][Original]
To: <snort-users@lists.sourceforge.net>
Subject: [Snort-users] HOW TO DECODE SNORT MESSAGES
From: "suresh" <bsuresh1976@hotmail.com>
Date: Wed, 29 Nov 2006 14:29:48 +0530
Delivered-to: sp-com-lists@consult.net
Delivered-to: snort-list@securepoint.com
In-reply-to: <1F07979053C0554898D81014C0DA1CC603AE2F@rmjconsulting.net>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=snort-users>
List-help: <mailto:snort-users-request@lists.sourceforge.net?subject=help>
List-id: "Snort users talk about... Snort!" <snort-users.lists.sourceforge.net>
List-post: <mailto:snort-users@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>, <mailto:snort-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>, <mailto:snort-users-request@lists.sourceforge.net?subject=unsubscribe>
Sender: snort-users-bounces@lists.sourceforge.net
Thread-index: AccTQFCMlCIc2uWBQyC27pWMk2BmCAAU/K4g

Hi,

 

Is there any way on the internet to decode the below messages?

 

v 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 last message repeated 3 times

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [122:19:0] (portscan) UDP Portsweep {PROTO255} 66.114.175.16 -> 192.168.252.129

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1949 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1949 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1949 -> 219.139.108.138:80

Nov 29 08:55:58 HOME-sj-ids-int01 last message repeated 3 times

Nov 29 08:55:59 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:59 HOME-sj-ids-int01 snort[6321]: [1:0:1] outbound port 80 investigation - Added by AS {TCP} 192.168.203.131:1878 -> 219.139.108.138:80

Nov 29 08:55:59 HOME-sj-

 

 

Suresh

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Snort v2.6.1 and v2.6.1.1 - Either shutdown or hangs after a short period of time, Ron Jenkins
Next by Date:  Re: [Snort-users] HOW TO DECODE SNORT MESSAGES, Eric Hines
Previous by Thread:  Re: [Snort-users] Snort v2.6.1 and v2.6.1.1 - Either shutdown or hangs after a short period of time, Joel Esler
Next by Thread:  Re: [Snort-users] HOW TO DECODE SNORT MESSAGES, Eric Hines
Indexes:  [Date] [Thread] [Top] [All Lists]