I have recently been writing Snort rules, and to write them correctly I need to be able to read the packets Snort captures, but I am not very good at this. Could the experts here help me out? Thanks in advance. (If there is somewhere to download material on this, please give me the address; I would be very grateful.) I am giving two examples below; I wonder if anyone can make sense of them:
Example 1: 12/29-10:56:32.097826 10.1.2.109:137 -> 10.1.2.255:137
UDP TTL:128 TOS:0x0 ID:28676 IpLen:20 DgmLen:78
Len: 50
B1 6A 01 10 00 01 00 00 00 00 00 00 20 46 46 46 .j.......... FFF
41 43 4F 46 47 45 42 45 48 45 42 45 42 43 4F 45 ACOFGEBEHEBEBCOE
44 45 50 45 4E 43 41 43 41 43 41 41 41 00 00 20 DEPENCACACAAA..
00 01 ..
Example 2: 12/29-10:56:28.910479 10.1.2.174:138 -> 10.1.2.255:138
UDP TTL:128 TOS:0x0 ID:14945 IpLen:20 DgmLen:229
Len: 201
11 0E 80 96 0A 01 02 AE 00 8A 00 BB 00 00 20 45 .............. E
49 45 42 45 4F 46 4B 45 49 45 46 45 4F 46 4A 46 IEBEOFKEIEFEOFJF
46 43 41 43 41 43 41 43 41 43 41 43 41 43 41 00 FCACACACACACACA.
20 46 49 46 49 45 44 45 42 46 45 46 47 43 41 43 FIFIEDEBFEFGCAC
41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACACACACACAB
4E 00 FF 53 4D 42 25 00 00 00 00 00 00 00 00 00 N..SMB%.........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 11 00 00 21 00 00 00 00 00 00 00 00 00 E8 .....!..........
03 00 00 00 00 00 00 00 00 21 00 56 00 03 00 01 .........!.V....
00 00 00 02 00 32 00 5C 4D 41 49 4C 53 4C 4F 54 .....2.\MAILSLOT
5C 42 52 4F 57 53 45 00 01 00 80 FC 0A 00 48 41 \BROWSE.......HA
4E 5A 48 45 4E 59 55 00 00 00 00 00 00 00 05 00 NZHENYU.........
03 12 01 00 0F 01 55 AA 00 ......U..
What do these dumps mean, and if I am writing Snort rules, which of this information is useful to me?
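As an added example (editor's code, not from the poster or the Snort project), here is a small Python script that parses the two `snort -v -d` dumps quoted in the post. The first three lines of each dump are the IP/UDP header fields Snort printed (timestamp, addresses, ports, TTL, IP ID, lengths); the hex lines are the UDP payload, which is what a rule's `content:` option is matched against. Both packets go to the NetBIOS ports (137 = name service, 138 = datagram service), so the script also decodes the first-level-encoded NetBIOS names per RFC 1001/1002 and locates the fixed byte strings (`\xffSMB`, `\MAILSLOT\BROWSE`) a rule could key on. The two dumps are embedded verbatim, except that the `->;` extraction artifact is written as `->`, which is what Snort prints.

```python
"""Parse Snort -v -d packet dumps and pull out the fields a rule writer needs.
Added example, not part of the forum post; the dumps are the post's own."""
import re
import socket
import struct

DUMP_1 = """\
12/29-10:56:32.097826 10.1.2.109:137 -> 10.1.2.255:137
UDP TTL:128 TOS:0x0 ID:28676 IpLen:20 DgmLen:78
Len: 50
B1 6A 01 10 00 01 00 00 00 00 00 00 20 46 46 46 .j.......... FFF
41 43 4F 46 47 45 42 45 48 45 42 45 42 43 4F 45 ACOFGEBEHEBEBCOE
44 45 50 45 4E 43 41 43 41 43 41 41 41 00 00 20 DEPENCACACAAA..
00 01 ..
"""

DUMP_2 = """\
12/29-10:56:28.910479 10.1.2.174:138 -> 10.1.2.255:138
UDP TTL:128 TOS:0x0 ID:14945 IpLen:20 DgmLen:229
Len: 201
11 0E 80 96 0A 01 02 AE 00 8A 00 BB 00 00 20 45 .............. E
49 45 42 45 4F 46 4B 45 49 45 46 45 4F 46 4A 46 IEBEOFKEIEFEOFJF
46 43 41 43 41 43 41 43 41 43 41 43 41 43 41 00 FCACACACACACACA.
20 46 49 46 49 45 44 45 42 46 45 46 47 43 41 43 FIFIEDEBFEFGCAC
41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACACACACACAB
4E 00 FF 53 4D 42 25 00 00 00 00 00 00 00 00 00 N..SMB%.........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 11 00 00 21 00 00 00 00 00 00 00 00 00 E8 .....!..........
03 00 00 00 00 00 00 00 00 21 00 56 00 03 00 01 .........!.V....
00 00 00 02 00 32 00 5C 4D 41 49 4C 53 4C 4F 54 .....2.\\MAILSLOT
5C 42 52 4F 57 53 45 00 01 00 80 FC 0A 00 48 41 \\BROWSE.......HA
4E 5A 48 45 4E 59 55 00 00 00 00 00 00 00 05 00 NZHENYU.........
03 12 01 00 0F 01 55 AA 00 ......U..
"""

HDR = re.compile(r"^(\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
IPL = re.compile(r"^(\w+) TTL:(\d+) TOS:(0x[0-9A-Fa-f]+) ID:(\d+) IpLen:(\d+) DgmLen:(\d+)$")
HEXB = re.compile(r"^[0-9A-Fa-f]{2}$")

def parse_dump(text):
    """Return the header fields of one dump plus its raw payload bytes."""
    lines = text.strip().splitlines()
    h, ip = HDR.match(lines[0]), IPL.match(lines[1])
    if not (h and ip and lines[2].startswith("Len:")):
        raise ValueError("not a Snort -d dump")
    plen = int(lines[2].split(":")[1])
    payload = bytearray()
    for line in lines[3:]:
        take = min(16, plen - len(payload))  # hex column first, ASCII column after it
        if take <= 0:
            break
        toks = line.split()[:take]
        if len(toks) != take or not all(HEXB.match(t) for t in toks):
            raise ValueError("malformed hex line: " + line)
        payload += bytes(int(t, 16) for t in toks)
    pkt = {"ts": h[1], "src": h[2], "sport": int(h[3]), "dst": h[4], "dport": int(h[5]),
           "proto": ip[1], "ttl": int(ip[2]), "id": int(ip[4]), "iplen": int(ip[5]),
           "dgmlen": int(ip[6]), "payload": bytes(payload)}
    # Consistency check: UDP payload = IP total length - IP header - 8-byte UDP header.
    if pkt["proto"] == "UDP" and len(payload) != pkt["dgmlen"] - pkt["iplen"] - 8:
        raise ValueError("Len disagrees with DgmLen - IpLen - 8")
    return pkt

def read_nb_name(payload, off):
    """Decode a first-level encoded NetBIOS name (RFC 1001 14.1) at `off`: a 0x20
    length byte, 32 chars in 'A'..'P' carrying one nibble each, then 0x00.
    Returns (name, suffix byte, offset just past the terminator)."""
    if payload[off] != 0x20 or payload[off + 33] != 0:
        raise ValueError("no encoded name at offset %d" % off)
    enc = payload[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("bad name encoding at offset %d" % off)
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15], off + 34

def summarize(pkt):
    """Interpret the payload by destination port and collect the values a rule
    would key on: ports, decoded names, and offsets of fixed byte strings."""
    p = pkt["payload"]
    out = {"proto": pkt["proto"], "sport": pkt["sport"], "dport": pkt["dport"]}
    if pkt["dport"] == 137:  # name service: 12-byte DNS-style header, then the question
        out["xid"], out["flags"], out["qdcount"] = struct.unpack(">HHH", p[:6])
        out["qname"], out["qsuffix"], nxt = read_nb_name(p, 12)
        out["qtype"], out["qclass"] = struct.unpack(">HH", p[nxt:nxt + 4])
    elif pkt["dport"] == 138:  # datagram service: 14-byte header, two names, then data
        out["msg_type"], out["dgm_flags"], out["dgm_id"] = struct.unpack(">BBH", p[:4])
        out["src_ip"] = socket.inet_ntoa(p[4:8])
        out["src_port"], out["dgm_len"] = struct.unpack(">HH", p[8:12])
        out["src_name"], out["src_suffix"], nxt = read_nb_name(p, 14)
        out["dst_name"], out["dst_suffix"], nxt = read_nb_name(p, nxt)
        out["smb_offset"] = p.find(b"\xffSMB", nxt)                 # SMB header magic
        out["mailslot_offset"] = p.find(b"\\MAILSLOT\\BROWSE", nxt)  # browser mailslot
    return out

if __name__ == "__main__":
    for dump in (DUMP_1, DUMP_2):
        pkt = parse_dump(dump)
        print(pkt["ts"], pkt["src"], "->", pkt["dst"], summarize(pkt))
```

Run as a script, it shows what the two dumps contain: the first is a NetBIOS name query (transaction ID 0xB16A, one question) for the name UP.VAGAA.COM with suffix 0x00; the second is a direct group datagram from HANZHENYU<20> to XXCATV<1D> carrying an SMB Transaction (command byte 0x25 at offset 86) whose mailslot name \MAILSLOT\BROWSE starts at payload offset 151 and is followed by a browser Host Announcement. For rule writing, the pieces that matter are the protocol and ports from the header lines and these fixed byte strings with their offsets, which map directly onto a rule's header fields and its `content:`/`offset:` options; the decoded names and the datagram's embedded source IP (which should agree with the IP header, as it does here) are what you would use to judge whether a given packet is the traffic you mean to match.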