[Snort-devel] snort v2 pb

rmkml rmkml at ...1042...
Fri May 9 01:28:07 EDT 2003


Hi,

I receive this packets this morning : (join tcpdump file)

05/09-00:26:19.029449  [**] [116:46:1] (snort_decoder) WARNING: TCP
Header length exceeds packet length! [**] {TCP} 192.168.1.2:0 ->
81.51.107.118:0

look tcpdump :
00:26:19.029449 192.168.1.2.4662 > 81.51.107.118.3916: R [bad hdr
length] (ttl 247, id 0, len 40)

Why snort200b72 bad decode tcp port ?

Regard.

PS: snort 191 not event this bad tcp length ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: badtcpheaderlength.tcpdump.gz
Type: application/x-gzip
Size: 849 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030509/82d262d5/attachment.bin>


More information about the Snort-devel mailing list