Honeyd Mailing List: Re: honeyd logs

From: Thomas Jones <thomas.jones_at_linux-howtos.com>
Date: Wed, 28 Jan 2004 04:48:07 -0800

On Tuesday 27 January 2004 09:53 am, Mauricio Smythe wrote:
> Hi All,
> Can you sayme please what is the difference beeewn this honeyd logs:
>
> 1) 2004-01-16-13:23:14.0175 tcp(6) S xx.xx.xx.xx 32770 yy.yy.yy.yy 80
> 2) 2004-01-16-13:23:14.0869 tcp(6) E xx.xx.xx.xx 32770 yy.yy.yy.yy 80: 0
> 0
>
> 3) 2004-01-16-14:10:47.0133 tcp(6) - aa.aa.aa.aa 1025 bb.bb.bb.bb 1133:
> 40 RA
>
> In 1) what that mean the "S"

Let me see if i can decipher them for you!?
"S" = SYN flag set

> In 2) what that mean the "E" and why its ends whith 80: 0 0, different
> than the fist one
"E" = ECN flag set
"0" = Type 0 codepoint for the ECT?

> In 3) what that mean the "-" and the 40 RA
"-"= no flags
"RA" = RST and ACK flags set

>
> Thanks in advance

Thomas

application/pgp-signature attachment: signature

Received on Wed Jan 28 2004 - 11:31:53 PST

Honeyd Resources

Honeyd Research

Honeypot Resources

Honeypot Books

Happy Hacking

Support Honeyd

Search Amazon

Re: honeyd logs