[Bro] About the output format

Cliff zhangwei at comexgenesys.com
Mon Sep 6 01:14:36 PDT 2004


Hi all,
    I input the command as follows:
                ./bro -i eth0 mt

    The output is as follows:
1094468791.638379 0.105562 192.168.10.124 211.91.212.51 other 3032 24631 tcp ? ? REJ X
1094468791.638448 0.415231 192.168.10.124 218.25.150.228 other 3030 6002 tcp ? ? REJ X
1094468792.383596 0.000666 221.199.8.218 192.168.10.124 other 7206 3028 tcp 0 0 SF X
1094468792.392729 15.350670 192.168.10.109 61.135.158.131 http 2140 80 tcp 360 559 RSTO X
1094468822.722984 0.000914 192.168.10.135 210.19.14.6 pop-3 1544 110 tcp 0 0 SF X
1094468815.766135 9.566325 192.168.10.119 210.19.14.6 pop-3 4550 110 tcp 58 73 SF X
1094468827.517104 0.001351 192.168.10.117 192.168.10.138 netbios-ssn 1298 139 tcp 0 0 SF X
1094468826.497050 1.021691 192.168.10.119 165.254.12.131 http 4554 80 tcp 878 2003 SF X
1094468827.351215 0.845803 192.168.10.119 218.1.65.18 http 4559 80 tcp 559 477 SF X
1094468827.373599 0.832877 192.168.10.119 218.1.65.18 http 4560 80 tcp 584 452 SF X
1094468847.453140 0.502465 192.168.10.124 218.25.150.228 other 3034 6002 tcp ? ? REJ X
1094468848.450949 0.117970 192.168.10.124 211.91.212.51 other 3037 24631 tcp ? ? REJ X
1094468848.371727 0.546075 192.168.10.124 218.25.150.228 other 3034 6002 tcp ? ? REJ X
1094468848.975291 0.077632 192.168.10.124 211.91.212.51 other 3037 24631 tcp ? ? REJ X
1094468835.266162 0.001448 192.168.10.116 210.19.14.6 smtp 2218 25 tcp 0 0 SF X

    I don't understand the latter part of the output format, such as "tcp 360 559 RSTO X". Who can explain it in detail?

Thanks,
Cliff




