Log Example

[**] BACKDOOR BackOrifice access [**]
06/07-20:55:38.833713 24.202.58.88:2982 -> 24.23.60.184:31337
UDP TTL:115 TOS:0x0 ID:3083 IpLen:20 DgmLen:46
Len: 26
0x0000: 00 E0 29 53 D8 D4 00 50 3E E2 5C 70 08 00 45 00 ..)S...P>.\p..E.
0x0010: 00 2E 0C 0B 00 00 73 11 93 C3 18 CA 3A 58 18 17 ......s.....:X..
0x0020: 3C B8 0B A6 7A 69 00 1A 7B 7D CE 63 D1 D2 16 E7 <...zi..{}.c....
0x0030: 13 CF 39 A5 A5 86 4D 8A B4 66 AA 32 ..9...M..f.2

[**] BACKDOOR BackOrifice access [**] - Rule Name
06/07-20:55:38.833713 - Full Date/Time
UDP - Protocol Type
TTL:115 - Time To Live
TOS:0x0 - Type Of Service
ID:3083 - Session ID
IpLen:20 - IP Length
DgmLen:46 - Datagram Length
Len: 26 - Length

[**] BACKDOOR BackOrifice access [**] Rule Name

The rule name is taken from the "msg" field of the Snort rule.
Below is the rule that caused the alert:

alert tcp any 80 -> any any (msg:"BACKDOOR BackOrifice access";
flags: A+; content: "server|3a| BO|2f|"; reference:arachnids,400;)

Full Date/Time - 06/07-20:55:38.833713
The time is written in 24-hour format together with the system date.
The (-U) flag may be set to log times in UTC, and the (-y) flag
inserts the current year into the timestamp.

Application Layer Dump
The (-d) option displays the contents of the application layer in hex and ASCII.

(Hex Data)
0x0000: 00 E0 29 53 D8 D4 00 50 3E E2 5C 70 08 00 45 00 ..)S...P>.\p..E.
0x0010: 00 2E 0C 0B 00 00 73 11 93 C3 18 CA 3A 58 18 17 ......s.....:X..
0x0020: 3C B8 0B A6 7A 69 00 1A 7B 7D CE 63 D1 D2 16 E7 <...zi..{}.c....
0x0030: 13 CF 39 A5 A5 86 4D 8A B4 66 AA 32 ..9...M..f.2

(ASCII Data)
..)S...P>.\p..E.
......s.....:X..
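As an added example (not part of the original page or of Snort itself), the Python below parses the four alert header lines into the fields the breakdown above lists, decodes the hex dump (which begins at the Ethernet header, followed by the IPv4 and UDP headers), and cross-checks TTL, ID, DgmLen, addresses, ports and Len against the packet bytes so a log reader can confirm the printed summary agrees with the captured frame. The alert text is a constructed copy of the one shown on this page; the field names and the header regex are this example's own.

```python
import re
import struct
# Constructed copy of the alert on this page (Snort full alert format with -d hex dump).
ALERT = r"""[**] BACKDOOR BackOrifice access [**]
06/07-20:55:38.833713 24.202.58.88:2982 -> 24.23.60.184:31337
UDP TTL:115 TOS:0x0 ID:3083 IpLen:20 DgmLen:46
Len: 26
0x0000: 00 E0 29 53 D8 D4 00 50 3E E2 5C 70 08 00 45 00 ..)S...P>.\p..E.
0x0010: 00 2E 0C 0B 00 00 73 11 93 C3 18 CA 3A 58 18 17 ......s.....:X..
0x0020: 3C B8 0B A6 7A 69 00 1A 7B 7D CE 63 D1 D2 16 E7 <...zi..{}.c....
0x0030: 13 CF 39 A5 A5 86 4D 8A B4 66 AA 32 ..9...M..f.2
"""
HEADER_RE = re.compile(
    r"\[\*\*\] (?P<msg>.+?) \[\*\*\]\n"
    r"(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\n"
    r"(?P<proto>\w+) TTL:(?P<ttl>\d+) TOS:(?P<tos>0x[0-9A-Fa-f]+) ID:(?P<id>\d+) "
    r"IpLen:(?P<iplen>\d+) DgmLen:(?P<dgmlen>\d+)\nLen: (?P<len>\d+)\n")
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_alert(text):
    """Parse the four header lines into a dict keyed by the field names listed on the page."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("not a Snort full-format alert header")
    a = m.groupdict()
    for k in ("sport", "dport", "ttl", "id", "iplen", "dgmlen", "len"):
        a[k] = int(a[k])
    a["tos"] = int(a["tos"], 16)           # TOS is printed in hex
    return a

def parse_hexdump(text):
    # Only the hex column of each '0xNNNN:' line is hex pairs; the ASCII column ends the match.
    return bytes.fromhex("".join(re.findall(r"^0x\w+: ((?:[0-9A-Fa-f]{2} )+)", text, re.M)))

def decode_frame(frame):
    """Decode Ethernet II + IPv4 + UDP headers; this dump starts at the Ethernet header."""
    ip = frame[14:]                        # skip dst MAC, src MAC, EtherType
    ver_ihl, tos, dgmlen, ident, _flags, ttl, proto = struct.unpack("!BBHHHBB", ip[:10])
    ihl = (ver_ihl & 0x0F) * 4             # IP header length in bytes (IpLen)
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    return {"proto": PROTO_NAMES.get(proto, str(proto)), "ttl": ttl, "tos": tos, "id": ident,
            "iplen": ihl, "dgmlen": dgmlen, "src": ".".join(map(str, ip[12:16])),
            "dst": ".".join(map(str, ip[16:20])), "sport": sport, "dport": dport,
            "len": udp_len, "payload": ip[ihl + 8:]}

def mismatches(alert, decoded):
    """Header fields whose printed value disagrees with what the packet bytes say."""
    keys = ("proto", "ttl", "tos", "id", "iplen", "dgmlen", "src", "dst", "sport", "dport", "len")
    return sorted(k for k in keys if alert[k] != decoded[k])
```

For this alert `mismatches` returns an empty list, and the 18-byte payload left after the UDP header is the data the hex dump shows from offset 0x2A onward.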