
        --== Initializing Snort ==--
TCPDUMP file reading mode.
Reading network traffic from "newdat3.log" file.
snaplen = 1514

        --== Initialization Complete ==--
09/17-08:47:47.325469 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12705 IpLen:20 DgmLen:60 DF
******S* Seq: 0x967480F9  Ack: 0x0  Win: 0x7D78  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 29942572 0 NOP WS: 0 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.407624 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6463 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x1EEF5545  Ack: 0x967480FA  Win: 0xFFFF  TcpLen: 40
TCP Options (6) => NOP NOP TS: 2341687123 29942572 NOP WS: 2 
TCP Options => MSS: 1460 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.409409 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12707 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x967480FA  Ack: 0x1EEF5546  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942579 2341687123 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.490632 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6464 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x1EEF5546  Ack: 0x967480FA  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687131 29942579 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.492252 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6465 IpLen:20 DgmLen:152 DF
***AP*** Seq: 0x1EEF5546  Ack: 0x967480FA  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687131 29942579 
220-HotMail (NO UCE) ESMTP server ready at Sun, 16 Sep 2001 17:4
6:55 -0700 ..220 ESMTP spoken here.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.496962 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12708 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x967480FA  Ack: 0x1EEF55AA  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942587 2341687131 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.501048 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12709 IpLen:20 DgmLen:80 DF
***AP*** Seq: 0x967480FA  Ack: 0x1EEF55AA  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942587 2341687131 
EHLO localhost.localdomain.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.580025 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6466 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x1EEF55AA  Ack: 0x96748116  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687140 29942587 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.582666 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6467 IpLen:20 DgmLen:107 DF
***AP*** Seq: 0x1EEF55AA  Ack: 0x96748116  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687141 29942587 
250-hotmail.com Hello..250-8bitmime..250 SIZE 1572864.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.586052 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12710 IpLen:20 DgmLen:102 DF
***AP*** Seq: 0x96748116  Ack: 0x1EEF55E1  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942593 2341687141 
MAIL From:<root@localhost.localdomain> SIZE=2794.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.668347 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6468 IpLen:20 DgmLen:95 DF
***AP*** Seq: 0x1EEF55E1  Ack: 0x96748148  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687149 29942593 
250 Requested mail action okay, completed.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.671541 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12711 IpLen:20 DgmLen:91 DF
***AP*** Seq: 0x96748148  Ack: 0x1EEF560C  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942601 2341687149 
RCPT To:<hatcheryhatched@hotmail.com>.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.825783 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6469 IpLen:20 DgmLen:95 DF
***AP*** Seq: 0x1EEF560C  Ack: 0x9674816F  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687165 29942601 
250 Requested mail action okay, completed.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.916758 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12713 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0x9674816F  Ack: 0x1EEF5637  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942612 2341687165 
DATA.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:47.997012 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6470 IpLen:20 DgmLen:98 DF
***AP*** Seq: 0x1EEF5637  Ack: 0x96748175  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687182 29942612 
354 Start mail input; end with <CRLF>.<CRLF>.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.087049 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12714 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x96748175  Ack: 0x1EEF5665  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942618 2341687182 
Received: (from root@localhost)...by localhost.localdomain (8.9.
3/8.9.3) id FAA08755;...Sun, 16 Sep 2001 05:01:57 -0400..Date: S
un, 16 Sep 2001 05:01:57 -0400..From: root <root@localhost.local
domain>..MIME-Version: 1.0..To: hatcheryhatched@hotmail.com..Sub
ject: ns1..Message-ID: <0_8752_1000630917_1@ns1>..Content-ID: <0
_8752_1000630917_2@ns1>..Content-type: text/richtext..Content-Tr
ansfer-Encoding: quoted-printable....ns1..=3D=3D=3D=3D=3D=3D=3D=
3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=..=3D=3D=3
D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=..=3D=3D..RKstatus: 24..Name: Linux ns1 2.2.14-5.0 #1 Tue Ma
r 7 20:53:41 EST 2000 i586 unknown..IfConfig:           inet add
r:192.168.1.102  Bcast:192.168.1.255  Mask:25=..5.255.255.0..<nl
>          inet addr:127.0.0.1  Mask:255.0.0.0..Uptime:   5:01am
  up 3 days, 11:10,  1 user,  load average: 0.04, 0.04, 0=..=2E0
0..Cpu Vendor ID: vendor_id.: GenuineIntel..Cpu Speed: cpu MHz..
: 327.909610..Bogomips: bogomips.: 187.19..Hard disk free space:
 Filesystem            Size  Used Avail Use% Mounted=.. on../dev
/hda1             421M  369M   30M  92% /..=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=..=3D=3D=
3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
D=3D=..=3D=3D..root:x:0:0:root:/root:/bin/bash..bin:x:1:1:bin:/b
in:..daemon:x:2:2:daemon:/sbin:..adm:x:3:4:adm:/var/adm:..lp:x:4
:7:lp:/var/spool/lpd:..sync:x:5:0:sync:/ 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.088216 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12715 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x9674871D  Ack: 0x1EEF5665  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942619 2341687182 
sbin:/bin/sync..shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown..ha
lt:x:7:0:halt:/sbin:/sbin/halt..mail:x:8:12:mail:/var/spool/mail
:..news:x:9:13:news:/var/spool/news:..uucp:x:10:14:uucp:/var/spo
ol/uucp:..operator:x:11:0:operator:/root:..games:x:12:100:games:
/usr/games:..gopher:x:13:30:gopher:/usr/lib/gopher-data:..ftp:x:
14:50:FTP User:/home/ftp:..nobody:x:99:99:Nobody:/:..xfs:x:43:43
:X Font Server:/etc/X11/fs:/bin/false..named:x:25:25:Named:/var/
named:/bin/false..postgres:x:26:26:PostgreSQL Server:/var/lib/pg
sql:/bin/bash..john:x:500:500:John:/home/john:/bin/bash..dns:x:0
:0::/bin:/bin/bash..=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=..=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=..=3D=3D..root:$1$
SC5o0bc.$hD0izKXWmEZWK3ZZQOg9z1:11577:0:99999:7:-1:-1:134539276.
.bin:*:11577:0:99999:7:::..daemon:*:11577:0:99999:7:::..adm:*:11
577:0:99999:7:::..lp:*:11577:0:99999:7:::..sync:*:11577:0:99999:
7:::..shutdown:*:11577:0:99999:7:::..halt:*:11577:0:99999:7:::..
mail:*:11577:0:99999:7:::..news:*:11577:0:99999:7:::..uucp:*:115
77:0:99999:7:::..operator:*:11577:0:99999:7:::..games:*:11577:0:
99999:7:::..gopher:*:11577:0:99999:7:::..ftp:*:11577:0:99999:7::
:..nobody::11577:0:99999:7:-1:-1:134532692..xfs:!!:11577:0:99999
:7:::..named:!!:11577:0:99999:7:::..postgres:!!:11577:0:99999:7:
::..john:$1$yxVGaPxi$l49rrYul6ZuSXjjPkTBrX0:11577:0:99999:7:-1:-
1:134539276..dns::11581:0:99999:7:-1:-1: 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.207063 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6471 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x1EEF5665  Ack: 0x9674871D  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687203 29942618 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.341541 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6472 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x1EEF5665  Ack: 0x96748CC5  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687217 29942619 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.368068 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12717 IpLen:20 DgmLen:230 DF
***AP*** Seq: 0x96748CC5  Ack: 0x1EEF5665  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942639 2341687217 
134532692..=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3
D=3D=3D=3D=3D=3D=3D=3D=..=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=..=3D=3D..... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.551461 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6473 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x1EEF5665  Ack: 0x96748D77  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687238 29942639 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.661497 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6474 IpLen:20 DgmLen:95 DF
***AP*** Seq: 0x1EEF5665  Ack: 0x96748D77  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687249 29942639 
250 Requested mail action okay, completed.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.750411 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12719 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x96748D77  Ack: 0x1EEF5690  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942665 2341687249 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.752042 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12720 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0x96748D77  Ack: 0x1EEF5690  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942665 2341687249 
QUIT.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.838517 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6475 IpLen:20 DgmLen:94 DF
***AP*** Seq: 0x1EEF5690  Ack: 0x96748D7D  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687266 29942665 
221 Service closing transmission channel.. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.838907 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6476 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x1EEF56BA  Ack: 0x96748D7D  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687266 29942665 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.841535 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12721 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x96748D7D  Ack: 0x1EEF56BB  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942672 2341687266 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.849283 192.168.1.102:1031 -> 64.4.49.71:25
TCP TTL:64 TOS:0x0 ID:12722 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x96748D7D  Ack: 0x1EEF56BB  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 29942672 2341687266 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

09/17-08:47:48.935505 64.4.49.71:25 -> 192.168.1.102:1031
TCP TTL:238 TOS:0x0 ID:6477 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x1EEF56BB  Ack: 0x96748D7E  Win: 0x80AE  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2341687276 29942672 
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+



===============================================================================

Snort processed 29 packets.
Breakdown by protocol:                Action Stats:

    TCP: 29         (100.000%)         ALERTS: 0         
    UDP: 0          (0.000%)          LOGGED: 0         
   ICMP: 0          (0.000%)          PASSED: 0         
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
   Rebuilt IP Packets: 0         
   Frag elements used: 0         
Discarded(incomplete): 0         
   Discarded(timeout): 0         
===============================================================================

TCP Stream Reassembly Stats:
   TCP Packets Used:      0          (0.000%)
   Reconstructed Packets: 0          (0.000%)
   Streams Reconstructed: 0         
===============================================================================