Title: Message
I am new to Ethereal
and was performing a packet capture and noticed something odd.
Does anyone
have an idea of what this could be? Is this what I think it is? This is a single
packet export to a text file.
No.
Time
Source
Destination Protocol
Info
3 22:21:33.422151
192.168.0.1
192.168.0.5
Syslog LOCAL1.NOTICE: Sasser: IP[Src=""
D...
Frame 3 (127 bytes
on wire, 127 bytes captured)
Ethernet II, Src: 00:30:ab:05:05:9a, Dst:
00:04:ac:da:6c:6c
Internet Protocol, Src Addr: 192.168.0.1 (192.168.0.1), Dst
Addr: 192.168.0.5 (192.168.0.5)
User Datagram Protocol, Src Port: 4096
(4096), Dst Port: syslog (514)
Syslog message: LOCAL1.NOTICE: Sasser:
IP[Src="" D...
1000 1... = Facility: LOCAL1 -
reserved for local use (17)
.... .101 = Level: NOTICE -
normal but significant condition (5)
Message: Sasser:
IP[Src="" Dst=204.1.226.230 TCP spo=01164
dpo=00080]}S01>R01nN
The 192.168.0.1
address is a Netgear RT314 Router, and the 192.168.0.5 address is a server
running Windows 2003. Also, any ideas on where I could get good information on
reading packet captures? Starting from the very simple to the
complex.
Any help would be
greatly appreciated.
David