11-19-2003 02:34 AM - edited 03-09-2019 05:35 AM
I am busy analyzing the alarm Windows Locator Service Overflow within our network. The signature says that it will trigger with the following parameters:
8 - MinMatchLength = 2000
11 - ServicePorts = 139,445
I would like to see an example of when this alarm has triggered and then correlate that with the iplog capture that has been taken during the same period.
Can anyone on the list tell me what the ethereal or tcpdump filter should look like in order to filter these packets to the display?
Would eth.len > 2000 work?
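As an added illustration (not part of the original post), here is a small Python script that turns the two signature parameters quoted above into a tcpdump capture filter and an Ethereal/Wireshark display filter, applies the same test to decoded packet records, and pairs each alarm time with the matching packets from the iplog; the packet records, alarm time and five-second window are constructed assumptions.

```python
"""Select packets that could have fired the Locator Service signature and
pair them with alarm timestamps (constructed data, not a real iplog)."""
from datetime import datetime, timedelta

SERVICE_PORTS = (139, 445)   # signature parameter 11 from the thread
MIN_MATCH_LENGTH = 2000      # signature parameter 8 from the thread


def bpf_filter(ports=SERVICE_PORTS, min_len=MIN_MATCH_LENGTH):
    """tcpdump/BPF capture filter; 'greater N' is true for frames of N bytes or more."""
    port_expr = " or ".join(f"tcp port {p}" for p in ports)
    return f"({port_expr}) and greater {min_len}"


def display_filter(ports=SERVICE_PORTS, min_len=MIN_MATCH_LENGTH):
    """Ethereal/Wireshark display filter; frame.len is the captured frame length."""
    port_expr = " || ".join(f"tcp.port == {p}" for p in ports)
    return f"frame.len >= {min_len} && ({port_expr})"


def candidate_packets(packets, ports=SERVICE_PORTS, min_len=MIN_MATCH_LENGTH):
    """Apply the same test in Python to decoded packet records (dicts)."""
    return [p for p in packets
            if p["proto"] == "tcp" and p["len"] >= min_len
            and (p["sport"] in ports or p["dport"] in ports)]


def correlate(alarms, packets, window=timedelta(seconds=5)):
    """Map each alarm time to the candidate packets seen within +/- window."""
    hits = candidate_packets(packets)
    return {a: [p for p in hits if abs(p["ts"] - a) <= window] for a in alarms}


# Constructed sample: one oversized frame to 445, one normal SMB frame,
# one large frame to port 80 (must not match).
T0 = datetime(2003, 11, 19, 2, 0, 0)
SAMPLE_PACKETS = [
    {"ts": T0 + timedelta(seconds=1), "proto": "tcp", "sport": 3344, "dport": 445, "len": 2312},
    {"ts": T0 + timedelta(seconds=2), "proto": "tcp", "sport": 3345, "dport": 445, "len": 180},
    {"ts": T0 + timedelta(seconds=3), "proto": "tcp", "sport": 3346, "dport": 80, "len": 2400},
]
SAMPLE_ALARMS = [T0 + timedelta(seconds=2)]  # constructed alarm timestamp

if __name__ == "__main__":
    print(bpf_filter())
    print(display_filter())
    for alarm, pkts in correlate(SAMPLE_ALARMS, SAMPLE_PACKETS).items():
        print(alarm, [(p["dport"], p["len"]) for p in pkts])
```

Note that a per-frame length test can miss a 2000-byte request that Ethernet has split into several 1500-byte segments, since the sensor matches on the reassembled stream; when the filter shows nothing, widen it to the ports alone and follow the TCP stream in Ethereal.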
11-19-2003 05:09 PM
Is this on a 3.1 sensor?
11-20-2003 12:45 AM
It is indeed!