Question:
I Need Packet Sniffing Help!?
anonymous
2010-03-11 18:54:04 UTC
What is Snort doing here?

HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /root/Desktop/snort-2.8.5.3/etc/unicode.map
IIS Unicode Map Codepage: 1252
DEFAULT SERVER CONFIG:
Server profile: All
Ports: 80 8080 8180
Server Flow Depth: 300
Client Flow Depth: 300
Max Chunk Length: 500000
Max Header Field Length: 0
Max Number Header Fields: 0
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Normalize HTTP Headers: NO
Normalize HTTP Cookies: NO
Ascii: YES alert: NO
Double Decoding: YES alert: YES
%U Encoding: YES alert: YES
Bare Byte: YES alert: YES
Base36: OFF
UTF 8: OFF
IIS Unicode: YES alert: YES
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory Traversal: YES alert: NO
Web Root Traversal: YES alert: YES
Apache WhiteSpace: YES alert: NO
IIS Delimiter: YES alert: NO
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: NONE
Whitespace Characters: 0x09 0x0b 0x0c 0x0d
rpc_decode arguments:
Ports to decode RPC on: 111 32771
alert_fragments: INACTIVE
alert_large_fragments: ACTIVE
alert_incomplete: ACTIVE
alert_multiple_requests: ACTIVE
Portscan Detection Config:
Detect Protocols: TCP UDP ICMP IP
Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Sensitivity Level: Low
Memcap (in bytes): 10000000
Number of Nodes: 36900
FTPTelnet Config:
GLOBAL CONFIG
Inspection Type: stateful
Check for Encrypted Traffic: YES alert: YES
Continue to check encrypted data: NO
TELNET CONFIG:
Ports: 23
Are You There Threshold: 200
Normalize: YES
Detect Anomalies: NO
FTP CONFIG:
FTP Server: default
Ports: 21
Check for Telnet Cmds: YES alert: YES
Ignore Telnet Cmd Operations: OFF
Identify open data channels: YES
FTP Client: default
Check for Bounce Attacks: YES alert: YES
Check for Telnet Cmds: YES alert: YES
Ignore Telnet Cmd Operations: OFF
Max Response Length: 256
SMTP Config:
Ports: 25 587 691
Inspection Type: Stateful
Normalize: EXPN RCPT VRFY
Ignore Data: No
Ignore TLS Data: No
Ignore SMTP Alerts: No
Max Command Line Length: Unlimited
Max Specific Command Line Length:
ETRN:500 EXPN:255 HELO:500 HELP:500 MAIL:260
RCPT:300 VRFY:255
Max Header Line Length: Unlimited
Max Response Line Length: Unlimited
X-Link2State Alert: Yes
Drop on X-Link2State Alert: No
Alert on commands: None
SSH config:
Autodetection: DISABLED
Challenge-Response Overflow Alert: ENABLED
SSH1 CRC32 Alert: ENABLED
Server Version String Overflow Alert: ENABLED
Protocol Mismatch Alert: ENABLED
Bad Message Direction Alert: DISABLED
Bad Payload Size Alert: DISABLED
Unrecognized Version Alert: DISABLED
Max Encrypted Packets: 20
Max Server Version String Length: 80 (Default)
MaxClientBytes: 19600 (Default)
Ports:
22
DCE/RPC 2 Preprocessor Configuration
Global Configuration
DCE/RPC Defragmentation: Enabled
Memcap: 102400 KB
Events: none
Server Default Configuration
Policy: WinXP
Detect ports
SMB: 139 445
TCP: 135
UDP: 135
RPC over HTTP server: 593
RPC over HTTP proxy: None
Autodetect ports
SMB: None
TCP: 1025-65535
UDP: 1025-65535
RPC over HTTP server: 1025-65535
RPC over HTTP proxy: None
Maximum SMB command chaining: 3 commands
DNS config:
DNS Client rdata txt Overflow Alert: ACTIVE
Obsolete DNS RR Types Alert: INACTIVE
Experimental DNS RR Types Alert: INACTIVE
Ports: 53
SSLPP config:
Encrypted packets: not inspected
Ports:
443 465 563 636 989
992 993 994 995
Server side data is trusted
Three answers:
Gary
2010-03-15 15:32:50 UTC
Here you go:

http://www.snort.org/snort/faq



...
anonymous
2016-12-11 23:56:55 UTC
Packet sniffing is basically the technique of interpreting information on a similar time because it relatively is in transit around the community. it relatively is extremely useful as a debugging gadget because it allows you to work out precisely what's occurring on the community point, it relatively is in many cases not what you think of it may be. it is likewise useful as a secure practices gadget by way of fact something it relatively is sent around the community may well be study. The exclusion to it is encrypted site visitors alongside with HTTPS, SSH, etc. as an occasion, many social networks use huge-unfold HTTP so which you will have the skill to analyze the site visitors of such an application. additionally, many POP3 and information superhighway-based email amenities do not encrypt their site visitors so as that they are vulnerable to packet sniffing besides. Packet sniffing's 3 common consumers and purposes are: a million) Hackers and risk-free practices experts use it to analyze information because it crosses the community to seek for tender information that they could have the skill to apply with the intention to compromise someone or account. 2) community engineers use it for debugging and sorting out of networks. 3) application builders use it to debug community application. sure - it relatively is obtainable to intercept site visitors, regulate it, and then rebroadcast it. it is what's likewise consumer-friendly as a guy-in-the-center attack. For community monitoring to artwork, the guy doing the monitoring could have get admission to to the community between the two hosts that are conversing. as an occasion, a community administrator on a company LAN could have the skill to seize the site visitors of a shopper on the LAN, yet a random person on the internet would not.
?
2010-03-11 19:38:18 UTC
network


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Continue reading on narkive:
Loading...