Home page logo

snort logo Snort mailing list archives

Snort has different IPs than Wireshark
From: "Billy Marshall" <Billy.Marshall () state co us>
Date: Tue, 30 Nov 2010 10:28:28 -0700

I have a massive amount of alerts that seem peculiar. Wireshark payload
dump from Snort has South African addresses but snort has  RFC 1816


Base output

DOS tcpdump tcp LDP print zero length message denial of service attempt

2010-11-24 06:00:01 
10.xxx.xxx.115 (;netmask=32
10.xxx.xxx.15 (;netmask32

whois info:

Src Dst

ZA, South Africa


Any Ideas

Attachment: 20101126-DOS tcpdump tcp LDP print zero length message denial of servi.pcap

Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]