[Snort-devel] snort v2 pb

Chris Green cmg at ...402...
Fri May 9 07:21:09 EDT 2003


rmkml <rmkml at ...1042...> writes:

FFFF> Hi,
>
> I receive this packets this morning : (join tcpdump file)
>
> 05/09-00:26:19.029449  [**] [116:46:1] (snort_decoder) WARNING: TCP
> Header length exceeds packet length! [**] {TCP} 192.168.1.2:0 ->
> 81.51.107.118:0
>
> look tcpdump :
> 00:26:19.029449 192.168.1.2.4662 > 81.51.107.118.3916: R [bad hdr
> length] (ttl 247, id 0, len 40)
>
> Why snort200b72 bad decode tcp port ?
>

Because it quits assigning to the data structure before it alerts
since the error is encountered during processing. 
-- 
Chris Green <cmg at ...402...>
Don't use a big word where a diminutive one will suffice.




More information about the Snort-devel mailing list