Snort Analyser
Trace name: /log/hydra_telnet.zip
Snort Output
The Snort output is:
Rules file
alert tcp any any <> any 23 (flags:S; msg:"Telnet Login";sid:9000005;rev:1;)
Examples
You can use Snort as a stand-alone analyser with the "-r" option, which reads packets from a capture file instead of a live interface. The following traces can be used with Snort:
- Trace with Hydra FTP crack/Bad Login
- Trace with Hydra Telnet crack
- Trace with Port Scan
- Trace with SYN Flood (DoS)
- Trace with FIN Flood (DoS)
- Trace with PDF file
- Trace with GIF file
- Trace with PNG file
- Trace with email attachments (MIME)
- Trace with email addresses
- Trace with credit card details
- Trace with DNS
- Trace with Ping sweep
- Trace with SNMP
- Trace with ARP Spoof
- Trace with Heartbleed
- Teardrop DoS
- BitTorrent