Snort mailing list archives

"OTHER" protocol packets


From: Peter Caffin <peterc+snortlist () autons net au>
Date: Thu, 14 Nov 2002 05:03:24 +0800 (WST)

Hi all,

I have a colocated box running snort that has produced the following
summary (snort run 2002/11/13 7.03am to 11/14 4.44am WST +0800):

  Snort analyzed 277068 out of 277068 packets,
  dropping 0(0.000%) packets
  Breakdown by protocol:                Action Stats:
      TCP: 28700      (10.358%)         ALERTS: 0
      UDP: 84281      (30.419%)         LOGGED: 0
     ICMP: 68         (0.025%)          PASSED: 0
      ARP: 119465     (43.118%)
     IPv6: 0          (0.000%)
      IPX: 0          (0.000%)
    OTHER: 44554      (16.081%)
  DISCARD: 0          (0.000%)

It's not a high-traffic site by any means and the box has been located in
a /25 subnet with some of their other customers. (The UDP is high due to
their colocated luser customers sending out volumes of netbios and bootp
crap to their broadcast.)

What really concerns me is the extremely high ARP count (I've opened a
case with my provider) and the stuff listed as "OTHER".

Anyone care to speculate what sort of traffic this "OTHER" protocol
garbage might be? Can anyone recommend any tools that would be useful to
find out?

Thanks.

-- 
----------------------------------------------------------------------
Peter Caffin, Automatic Networking Solutions Pty. Ltd. (ACN 099822965)
http://www.autons.net.au/   PO Box 283, North Perth WA 6906, Australia
----------------------------------------------------------------------
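
One way to break down a bucket like "OTHER", as an added example that is not part of the original post: tally the link-layer type of every frame in a capture file (for instance one written with `tcpdump -w`). It assumes the "OTHER" row counts frames whose type is none of the rows named in the summary; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

# EtherTypes matching rows the summary already names (IPv4 carries TCP/UDP/ICMP).
NAMED = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8137: "IPX"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap byte orders

def classify(frame):
    """Label one Ethernet frame by its type/length field."""
    if len(frame) < 14:
        return "truncated"
    etype, payload = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == 0x8100 and len(payload) >= 4:   # 802.1Q tag: real type follows the tag
        etype, payload = struct.unpack("!H", payload[2:4])[0], payload[4:]
    if etype in NAMED:
        return NAMED[etype]
    if etype >= 0x0600:
        return "other: ethertype 0x%04x" % etype
    # Values below 0x0600 are an 802.3 length; an LLC header (DSAP first) follows.
    return "other: 802.3/LLC dsap=0x%02x" % payload[0] if payload else "other: 802.3 empty"

def tally_pcap(data):
    """Count frames per label in a classic libpcap capture passed as bytes."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        counts[classify(data[off + 16:off + 16 + incl_len])] += 1
        off += 16 + incl_len
    return counts

def sample_pcap():
    """Constructed capture: ARP, IPv4, two LLC frames with DSAP 0x42, one unnamed EtherType."""
    mac = b"\x00" * 12
    frames = [mac + b"\x08\x06" + b"\x00" * 28, mac + b"\x08\x00" + b"\x00" * 20,
              mac + b"\x00\x26\x42\x42\x03" + b"\x00" * 35,
              mac + b"\x00\x26\x42\x42\x03" + b"\x00" * 35,
              mac + b"\x88\xb5" + b"\x00" * 10]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for label, n in tally_pcap(sample_pcap()).most_common():
        print(n, label)
```

DSAP 0x42 is the LLC service access point used by spanning tree BPDUs, so a large count under that label points at switch chatter rather than host traffic.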


