I have a pcap file and I am trying to analyze it using Snort and Wireshark.
When I tried the command shown below in Ubuntu, I was provided with various output such as the date, time, source host, destination host, protocol, and some others like TTL, TOS, ID, IpLen, DgmLen, Ack, Seq.
snort -r myfile.pcap
My question is: What do each of these fields mean, and what threats or attacks can be performed with those fields?
TTL, TOS, ID, IpLen, DgmLen, Ack, Seq
I'm attaching a part of the Snort output of the pcap file.
Do I have to write a Snort rule in order to detect attacks? Any help would be appreciated.
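To make those fields concrete, here is an added Python example (not from the post; the attachment is not on the page, so it uses a constructed printout in the Snort 2.x text packet format that `snort -r` writes to stdout) that parses the output into the fields named above and runs two defender-side consistency checks on the length fields.

```python
import re

# Constructed stand-in for Snort 2.x packet printout (assumed format); addresses
# and values are made up, and the third packet is deliberately inconsistent.
SAMPLE = """\
05/21-10:15:32.123456 192.0.2.10:51234 -> 198.51.100.5:80
TCP TTL:64 TOS:0x0 ID:4321 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0xFAF0  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
05/21-10:15:32.130000 198.51.100.5:80 -> 192.0.2.10:51234
TCP TTL:52 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x9F8E7D6C  Ack: 0x1A2B3C4E  Win: 0x7210  TcpLen: 40
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
05/21-10:15:33.000000 192.0.2.10:51234 -> 198.51.100.5:80
TCP TTL:64 TOS:0x0 ID:4322 IpLen:20 DgmLen:32 DF
***A**** Seq: 0x1A2B3C4E  Ack: 0x9F8E7D6D  Win: 0xFAF0  TcpLen: 20
"""

HDR = re.compile(r"^(\S+) (\S+) -> (\S+)$")   # timestamp, src[:port], dst[:port]
# TTL: hops left before routers drop the packet; TOS: type-of-service/DSCP byte;
# ID: IP identification (fragment reassembly key); IpLen: IP header length in
# bytes; DgmLen: total IP datagram length in bytes, header included.
IP = re.compile(r"^(\w+) TTL:(\d+) TOS:(0x[0-9A-Fa-f]+) ID:(\d+) IpLen:(\d+) DgmLen:(\d+)")
# Flags, then Seq/Ack (TCP sequence and acknowledgement numbers), window, TCP header length.
TCP = re.compile(r"^([*\dA-Z]{8}) Seq: (0x[0-9A-Fa-f]+)\s+Ack: (0x[0-9A-Fa-f]+)"
                 r"\s+Win: (0x[0-9A-Fa-f]+)\s+TcpLen: (\d+)")


def parse_snort_dump(text):
    """Return one dict per packet printout in Snort's -r/-v text output."""
    packets = []
    for block in re.split(r"^=\+=.*$", text, flags=re.M):   # packets are separated by =+=+ lines
        pkt = {}
        for line in block.strip().splitlines():
            if m := HDR.match(line):
                pkt.update(time=m[1], src=m[2], dst=m[3])
            elif m := IP.match(line):
                pkt.update(proto=m[1], ttl=int(m[2]), tos=int(m[3], 16), id=int(m[4]),
                           iplen=int(m[5]), dgmlen=int(m[6]))
            elif m := TCP.match(line):
                pkt.update(flags=m[1], seq=int(m[2], 16), ack=int(m[3], 16),
                           win=int(m[4], 16), tcplen=int(m[5]))
        if "src" in pkt:
            packets.append(pkt)
    return packets


def sanity_issues(pkt):
    """Consistency checks a defender would run on the length fields of one packet."""
    issues = []
    if not 20 <= pkt["iplen"] <= 60:            # IP header is 5..15 32-bit words
        issues.append("IpLen outside 20..60")
    if pkt.get("proto") == "TCP" and pkt["dgmlen"] < pkt["iplen"] + pkt["tcplen"]:
        issues.append("DgmLen smaller than IP header + TCP header")   # truncated or malformed
    return issues
```

Run it on a real capture with `snort -r myfile.pcap -v > dump.txt` and feed the file contents to `parse_snort_dump`; packets returning a non-empty `sanity_issues` list are the ones to inspect in Wireshark first.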