stamparm / maltrail

Malicious traffic detection system
MIT License

Issue with ports #15

Closed DigiAngel closed 8 years ago

DigiAngel commented 8 years ago

Hey again. So I've been running the latest git pull for about 4 hours now. After fixing the Cisco VLAN issue (thanks much!) I am seeing src and dst IPs that look correct, but the ports do not. An example:

Src: 64.74.133.82 Src Port: 50887 Dst: x.x.x.x Dst Port: 56863, 56902

Yet packet capturing during this time shows no hits on port 50887. Bro-ids does show 64.74.133.82, but Src port ranges from 33573-38544, with Dst port ranges of 33440-33444, this is a traceroute. Betting something isn't getting translated correctly. Thank you.

DigiAngel commented 8 years ago

Another example...logs show this:

64.202.161.41   22221   x.x.x.x  53

But maltrail has:

64.202.161.41   50887   x.x.x.x 56858

I've found that the source port is always 50887, and the destination port is always 56858.
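For anyone maintaining a sniffer like this, ports that never change across flows are the classic signature of a layer-4 decoder reading from a fixed offset that no longer matches the frame layout. The example below is added here and is not maltrail's code (the thread never states the actual root cause); it contrasts a VLAN-aware parser with a fixed-offset one on a constructed 802.1Q-tagged frame, and the IPs, ports and VLAN id used are made up.

```python
import struct

ETH_P_8021Q = 0x8100  # 802.1Q VLAN tag
ETH_P_IP = 0x0800     # IPv4


def parse_ports(frame: bytes):
    """Walk Ethernet -> optional 802.1Q tag(s) -> IPv4 -> TCP/UDP.
    Returns (proto, src_ip, src_port, dst_ip, dst_port) or None."""
    offset = 12  # skip dst MAC + src MAC
    eth_type = struct.unpack("!H", frame[offset:offset + 2])[0]
    offset += 2
    while eth_type == ETH_P_8021Q:
        # 4-byte tag: TPID (already read) + 2-byte TCI, then real EtherType
        eth_type = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        offset += 4
    if eth_type != ETH_P_IP:
        return None
    ihl = (frame[offset] & 0x0F) * 4  # IPv4 header length incl. options
    proto = frame[offset + 9]
    if proto not in (6, 17):  # TCP or UDP only
        return None
    src_ip = ".".join(str(b) for b in frame[offset + 12:offset + 16])
    dst_ip = ".".join(str(b) for b in frame[offset + 16:offset + 20])
    l4 = offset + ihl
    src_port, dst_port = struct.unpack("!HH", frame[l4:l4 + 4])
    return (proto, src_ip, src_port, dst_ip, dst_port)


def naive_ports(frame: bytes):
    """Buggy decoder: assumes an untagged frame, so L4 header is at 14 + 20.
    On a tagged frame this reads the IPv4 destination address instead."""
    return struct.unpack("!HH", frame[34:38])


def build_frame(src_ip, sport, dst_ip, dport, vlan=None) -> bytes:
    """Build a minimal constructed Ethernet/IPv4/TCP frame for testing."""
    eth = b"\x00" * 12
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan)
    eth += struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HH", sport, dport) + b"\x00" * 16  # rest zeroed
    return eth + ip + tcp
```

Because the fixed-offset decoder lands on the destination address, every flow to the same host reports the same two "ports", which is exactly the kind of stuck value to watch for when validating a sensor against Bro/Zeek logs.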

DigiAngel commented 8 years ago

Will send pcap :)

stamparm commented 8 years ago

Will work on it later today. On Dec 16, 2015 7:25 PM, "DigiAngel" notifications@github.com wrote:

Another example...logs show this:

64.202.161.41 22221 x.x.x.x 53

But maltrail has:

64.202.161.41 50887 x.x.x.x 56858

I've found that the source port is always 50887, and the destination port is always 56858.


DigiAngel commented 8 years ago

Thanks so much...I know you have a real life :)

stamparm commented 8 years ago

@DigiAngel thx for pcap. there was indeed a huge bug related. my fault. bye

DigiAngel commented 8 years ago

This is working great now...ports are showing up as they should...thanks so much!