[luau] Help deciphering portscan entries in /var/log/messages
Eric Hattemer
hattenator at imapmail.org
Thu Dec 12 12:04:00 PST 2002
ethereal is really good at filtering tcpdump. Try that if you decide to
look into the matter.
-Eric Hattemer
On Thu, 2002-12-12 at 11:05, Vince Hoang wrote:
> On Wed, Dec 11, 2002 at 10:44:30PM -1000, Ben Beeson wrote:
> > I'm curious why the log shows two IP addresses that aren't
> > mine. Is that because snort is seeing the traffic pass my
> > external interface, or is something else up?
>
> Your external interface is probably sharing the same collision or
> broadcast domain. If listen with tcpdump and filter out your IP,
> you will probably see more foreign packets.
>
> -Vince
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
--
Eric Hattemer <hattenator at imapmail.org>
More information about the LUAU
mailing list