152
Chapter 4 Plugins, Preprocessors and Output Modules
The output file generated after adding this line to the snort.conf file looks something like the following:
07/23 18:24:03.388106 ,ICMP Packet with TTL=100,ICMP,192.168.1.100,,192.168.1.2,,0:2:3F:33:C6:98,0:E0:29:89:28:59,0x4A,,,,,,100,0,51367,60,20,8,0,,
07/23 18:25:51.608106 ,GET matched,TCP,192.168.1.2,1060,192.168.10.193,,0:E0:29:89:28:59,0:6:25:5B:29:ED,0x189,***AP***,0x55BCF404,0x8CBF42DD,,0x16D0,64,0,35580,379,20,,,,
07/23 18:25:52.008106 ,GET matched,TCP,192.168.1.2,1061,192.168.10.193,,0:E0:29:89:28:59,0:6:25:5B:29:ED,0x1D0,***AP***,0x55628967,0x8D33FB74,,0x16D0,64,0,63049,450,20,,,,
07/23 18:25:52.478106 ,GET matched,TCP,192.168.1.2,1061,192.168.10.193,,0:E0:29:89:28:59,0:6:25:5B:29:ED,0x1D0,***AP***,0x55628B01,0x8D33FC1B,,0x1920,64,0,63051,450,20,,,,
07/23 18:25:52.708106 ,GET matched,TCP,192.168.1.2,1061,192.168.10.193,,0:E0:29:89:28:59,0:6:25:5B:29:ED,0x1EF,***AP***,0x55628C9B,0x8D33FCC1,,0x1D50,64,0,63053,481,20,,,,
Each line in the output consists of the fields listed in Table 4-3.

Table 4-3 CSV Options

Name        Description
----------  ---------------------------------------------------------
Timestamp   Time stamp including date and time.
Msg         Message which is taken from the msg option of the rule.
Proto       Protocol.
Src         Source IP address.
Srcport     Source port number. No port number is present in ICMP packets.
Dst         Destination IP address.
Dstport     Destination port.
ethsrc      Source Ethernet address.
ethdst      Destination Ethernet address.
ethlen      Length of Ethernet frame.
tcpflags    If the protocol is TCP, this part contains TCP flags.
tcpseq      TCP sequence number in TCP packets.
tcpack      TCP acknowledgement number.
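The records above are easiest to work with once each comma-separated position is given its name from Table 4-3. The following Python parser is an added example, not code from the book or from Snort; it assumes the column order shown in the table for the first thirteen fields, and for the columns after tcpack (tcplen through icmpseq) it assumes the field order documented for Snort's CSV output module, since this page lists only the first part of the table. The sample records are the five lines shown above, joined back onto single lines. The parser turns empty fields (the ports and TCP fields of an ICMP alert) into None, converts the hexadecimal and decimal fields to integers, and copes with a rule msg that itself contains commas, which the module writes unquoted.

```python
"""Parse the CSV alert records written by Snort's CSV output module."""
from collections import Counter

# Column order of the CSV output module. The first 13 names are the ones
# listed in Table 4-3. The remaining names (tcplen onwards) are assumed
# from the field order Snort documents for the module; they are not on
# this page.
CSV_FIELDS = [
    "timestamp", "msg", "proto", "src", "srcport", "dst", "dstport",
    "ethsrc", "ethdst", "ethlen", "tcpflags", "tcpseq", "tcpack",
    "tcplen", "tcpwindow", "ttl", "tos", "id", "dgmlen", "iplen",
    "icmptype", "icmpcode", "icmpid", "icmpseq",
]

# Fields Snort prints as 0x-prefixed hexadecimal.
HEX_FIELDS = {"ethlen", "tcpseq", "tcpack", "tcpwindow"}
# Fields printed as plain decimal integers.
INT_FIELDS = {"srcport", "dstport", "tcplen", "ttl", "tos", "id",
              "dgmlen", "iplen", "icmptype", "icmpcode", "icmpid", "icmpseq"}


def parse_csv_alert(line):
    """Turn one CSV alert line into a dict keyed by CSV_FIELDS.

    Empty fields (e.g. the ports and TCP fields of an ICMP alert) become
    None, hex and decimal fields become ints, everything else stays a string.
    """
    parts = line.rstrip("\r\n").split(",")
    extra = len(parts) - len(CSV_FIELDS)
    if extra < 0:
        raise ValueError("short record: %d fields, expected %d"
                         % (len(parts), len(CSV_FIELDS)))
    if extra > 0:
        # The module does not quote the msg field, so a rule msg that itself
        # contains commas gets split. msg is the only free-text field, so the
        # surplus pieces can only belong to it: glue them back together.
        parts = [parts[0], ",".join(parts[1:2 + extra])] + parts[2 + extra:]

    record = {}
    for name, raw in zip(CSV_FIELDS, parts):
        raw = raw.strip()  # the timestamp is written with a trailing space
        if raw == "":
            record[name] = None
        elif name in HEX_FIELDS:
            record[name] = int(raw, 16)
        elif name in INT_FIELDS:
            record[name] = int(raw)
        else:
            record[name] = raw
    return record


def count_alerts_by_msg(lines):
    """Count how often each rule message appears in a set of CSV lines."""
    return Counter(parse_csv_alert(line)["msg"]
                   for line in lines if line.strip())


# Sample input: the five records shown on this page, each joined back onto
# a single line (the book wraps them for print).
SAMPLE_LINES = [
    "07/23 18:24:03.388106 ,ICMP Packet with TTL=100,ICMP,192.168.1.100,,"
    "192.168.1.2,,0:2:3F:33:C6:98,0:E0:29:89:28:59,0x4A,,,,,,100,0,51367,"
    "60,20,8,0,,",
    "07/23 18:25:51.608106 ,GET matched,TCP,192.168.1.2,1060,192.168.10.193,,"
    "0:E0:29:89:28:59,0:6:25:5B:29:ED,0x189,***AP***,0x55BCF404,0x8CBF42DD,,"
    "0x16D0,64,0,35580,379,20,,,,",
    "07/23 18:25:52.008106 ,GET matched,TCP,192.168.1.2,1061,192.168.10.193,,"
    "0:E0:29:89:28:59,0:6:25:5B:29:ED,0x1D0,***AP***,0x55628967,0x8D33FB74,,"
    "0x16D0,64,0,63049,450,20,,,,",
    "07/23 18:25:52.478106 ,GET matched,TCP,192.168.1.2,1061,192.168.10.193,,"
    "0:E0:29:89:28:59,0:6:25:5B:29:ED,0x1D0,***AP***,0x55628B01,0x8D33FC1B,,"
    "0x1920,64,0,63051,450,20,,,,",
    "07/23 18:25:52.708106 ,GET matched,TCP,192.168.1.2,1061,192.168.10.193,,"
    "0:E0:29:89:28:59,0:6:25:5B:29:ED,0x1EF,***AP***,0x55628C9B,0x8D33FCC1,,"
    "0x1D50,64,0,63053,481,20,,,,",
]

if __name__ == "__main__":
    for rec in map(parse_csv_alert, SAMPLE_LINES):
        print(rec["timestamp"], rec["proto"], rec["src"], rec["srcport"],
              "->", rec["dst"], rec["dstport"], rec["msg"])
    print(count_alerts_by_msg(SAMPLE_LINES))
```

The field-count check is what makes the parser trustworthy: a record with too few fields is rejected rather than silently mis-aligned, and a surplus is attributed only to the msg column, the single place the module can legitimately produce extra commas.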