RE: what is this?
From: DeGennaro, Gregory (Gregory_DeGennaro_at_csaa.com)
Date: 08/19/03
- Previous message: Juri Haberland: "Re: document_all.pif"
- Maybe in reply to: Kostas K: "what is this?"
- Next in thread: Joe Matusiewicz: "Re: what is this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Kostas K <acezerocool@yahoo.com>, incidents@securityfocus.com
Date: Tue, 19 Aug 2003 10:04:37 -0700
224.0.0.1 = multicast
Protocol 2 = IGMP Internet Group Management [RFC1112]
http://www.iana.org/assignments/protocol-numbers
http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080515.html
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-----Original Message-----
From: Kostas K [mailto:acezerocool@yahoo.com]
Sent: Monday, August 18, 2003 5:19 PM
To: incidents@securityfocus.com
Subject: what is this?
Hi list,
I captured activity with snort and I can't think of what it is. Does
anybody know?
08/19-00:42:39.063639 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:44416 IpLen:20
DgmLen:28
11 64 EE 9B 00 00 00 00 .d......
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/19-00:43:39.185528 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:48569 IpLen:20
DgmLen:28
11 64 EE 9B 00 00 00 00 .d......
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/19-00:44:39.301674 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:51771 IpLen:20
DgmLen:28
11 64 EE 9B 00 00 00 00 .d......
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/19-00:45:39.423600 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:55167 IpLen:20
DgmLen:28
11 64 EE 9B 00 00 00 00 .d......
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/19-00:46:39.556458 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:58562 IpLen:20
DgmLen:28
11 64 EE 9B 00 00 00 00 .d......
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
08/19-00:47:39.672239 20:53:52:43:0:0 -> 44:45:53:54:0:0 type:0x800
len:0x2A
194.30.220.216 -> 224.0.0.1 PROTO002 TTL:1 TOS:0xC0 ID:62338 IpLen:20
DgmLen:28
11 64 EE 9B 00 00 00 00
By the way, is there any link that explains snort's output well?
Thanks in advance
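As an added example (not part of either poster's message), the 8 payload bytes shown in the Snort dump can be decoded as an IGMPv1/v2 message and their checksum verified. The function names are this example's own; the field layout follows RFC 1112 and RFC 2236.

```python
import ipaddress
import struct

# Payload bytes copied from the Snort dump in the post (the 8 bytes after the IP header).
SAMPLE_HEX = "11 64 EE 9B 00 00 00 00"

IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "IGMPv1 Membership Report",
    0x16: "IGMPv2 Membership Report",
    0x17: "IGMPv2 Leave Group",
}


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def decode_igmp(hex_dump: str) -> dict:
    """Decode an 8-byte IGMPv1/v2 message given as space-separated hex."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) != 8:
        raise ValueError(f"expected 8 bytes for IGMPv1/v2, got {len(raw)}")
    msg_type, max_resp, checksum, group = struct.unpack("!BBH4s", raw)
    group_addr = ipaddress.IPv4Address(group)
    is_query = msg_type == 0x11
    return {
        "type": IGMP_TYPES.get(msg_type, f"unknown (0x{msg_type:02x})"),
        # Max Resp Time is in tenths of a second; zero in a query means IGMPv1.
        "max_resp_seconds": max_resp / 10,
        "version": (1 if max_resp == 0 else 2) if is_query else None,
        "checksum": f"0x{checksum:04x}",
        # A correct message sums to 0xFFFF with its checksum field included.
        "checksum_ok": ones_complement_sum(raw) == 0xFFFF,
        "group": str(group_addr),
        # Group 0.0.0.0 in a query means "all groups" (a general query).
        "general_query": is_query and int(group_addr) == 0,
    }


if __name__ == "__main__":
    for field, value in decode_igmp(SAMPLE_HEX).items():
        print(f"{field:17} {value}")
```

For the captured bytes this reports an IGMPv2 general Membership Query with a 10-second maximum response time and a valid checksum, which matches the 224.0.0.1 destination and TTL of 1 in the dump.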