Honeypots mailing list archives
Re: honeyd logs
From: Thomas Jones <thomas.jones () linux-howtos com>
Date: Wed, 28 Jan 2004 04:48:07 -0800
On Tuesday 27 January 2004 09:53 am, Mauricio Smythe wrote:
> Hi All,
> Can you tell me please what the difference is between these honeyd logs:
> 1) 2004-01-16-13:23:14.0175 tcp(6) S xx.xx.xx.xx 32770 yy.yy.yy.yy 80
> 2) 2004-01-16-13:23:14.0869 tcp(6) E xx.xx.xx.xx 32770 yy.yy.yy.yy 80: 0 0
> 3) 2004-01-16-14:10:47.0133 tcp(6) - aa.aa.aa.aa 1025 bb.bb.bb.bb 1133: 40 RA
> In 1) what does the "S" mean?
Let me see if I can decipher them for you!
"S" = SYN flag set
> In 2) what does the "E" mean, and why does it end with "80: 0 0", different from the first one?
"E" = ECN flag set
"0" = Type 0 codepoint for the ECT?
> In 3) what do the "-" and the "40 RA" mean?
"-" = no flags
"RA" = RST and ACK flags set
> Thanks in advance
Thomas
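An added example, not code from the thread or from honeyd itself: a small parser for records in the layout quoted above. It splits each line into timestamp, protocol, the S/E/- marker, the address/port pairs and whatever follows the colon, keeps the marker and trailing tokens exactly as written rather than interpreting them, and groups records by flow so lines for the same connection sit together. The sample uses the poster's placeholder addresses plus one constructed malformed line.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the layout quoted in the thread; addresses are the
# poster's xx/yy/aa/bb placeholders, and the last line is deliberately malformed.
SAMPLE_LOG = """\
2004-01-16-13:23:14.0175 tcp(6) S xx.xx.xx.xx 32770 yy.yy.yy.yy 80
2004-01-16-13:23:14.0869 tcp(6) E xx.xx.xx.xx 32770 yy.yy.yy.yy 80: 0 0
2004-01-16-14:10:47.0133 tcp(6) - aa.aa.aa.aa 1025 bb.bb.bb.bb 1133: 40 RA
this line is not a honeyd record
"""

# Layout as seen in the thread: timestamp proto(num) marker src sport dst dport[: extra]
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<proto>[a-z]+)\((?P<pnum>\d+)\)\s+(?P<marker>[SE-])\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)(?::\s*(?P<extra>.*))?$"
)

@dataclass(frozen=True)
class Record:
    ts: str
    proto: str
    marker: str   # the S / E / - field, kept exactly as written
    src: str
    sport: int
    dst: str
    dport: int
    extra: tuple  # tokens after the colon, e.g. ('0', '0') or ('40', 'RA'); () if none

def parse_record(line):
    """Parse one honeyd log line; return None for lines that do not match."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    extra = tuple(m["extra"].split()) if m["extra"] else ()
    return Record(m["ts"], m["proto"], m["marker"], m["src"], int(m["sport"]),
                  m["dst"], int(m["dport"]), extra)

def parse_log(text):
    """Parse every line, dropping lines that are not records."""
    return [r for r in map(parse_record, text.splitlines()) if r is not None]

def records_by_flow(records):
    """Group records by (proto, src, sport, dst, dport), preserving log order."""
    flows = defaultdict(list)
    for r in records:
        flows[(r.proto, r.src, r.sport, r.dst, r.dport)].append(r)
    return dict(flows)
```

Running `records_by_flow(parse_log(SAMPLE_LOG))` yields two flows: the 32770 -> 80 connection with its S and E records, and the 1025 -> 1133 flow with the single "-" record carrying ('40', 'RA').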
