[Snort-devel] Problems with snort_decoder (2.01beta Build 77)

Phil Wood cpw at ...86...
Mon May 12 07:21:04 EDT 2003


Chris,

I actually did not delve into the options.  My gripe was with the zero
port numbers.  

05/08-02:21:39.351812  [**] [116:55:1] (snort_decoder): Truncated Tcp
Options [**] [Classification: Potentially Bad Traffic] [Priority: 2]
{TCP} 10.10.6.6:0 -> 202.91.161.250:0
05/08-02:21:41.897073  [**] [116:55:1] (snort_decoder): Truncated Tcp
Options [**] {TCP} 10.10.6.6:0 -> 202.91.161.250:0

tcpdump 3.8 also shows bad options:
02:21:39.351812 10.0.6.6.80 > 202.91.161.250.1985: . ack 3858646804 win
24616 <nop,nop,sackOK,[bad opt]> (DF)
02:21:41.897073 10.0.6.6.80 > 202.91.161.250.1985: . ack 1 win 24616
<nop,nop,sackOK,[bad opt]> (DF)
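
Added example, not part of the original post and not Snort's code: a minimal C TCP header decoder that records the ports before walking the options, so an alert on truncated options can still carry the 80 -> 1985 ports that tcpdump shows. The struct, the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result struct; names are illustrative, not Snort's. */
struct tcp_info {
    uint16_t sport, dport;
    int ports_valid;   /* the fixed 20-byte header was present */
    int bad_options;   /* bad data offset, or an option ran past the header */
};

/* Decode a TCP header from buf[0..len). Ports are stored first, so a
 * later option error cannot turn them into 0 in the alert. */
static struct tcp_info decode_tcp(const uint8_t *buf, size_t len)
{
    struct tcp_info r = {0, 0, 0, 0};
    if (len < 20)
        return r;                                /* no fixed header at all */
    r.sport = (uint16_t)(buf[0] << 8 | buf[1]);
    r.dport = (uint16_t)(buf[2] << 8 | buf[3]);
    r.ports_valid = 1;

    size_t hlen = (size_t)(buf[12] >> 4) * 4;    /* data offset in bytes */
    if (hlen < 20 || hlen > len) { r.bad_options = 1; return r; }

    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = buf[i];
        if (kind == 0) break;                    /* End of Option List */
        if (kind == 1) { i++; continue; }        /* NOP is a single byte */
        if (i + 1 >= hlen) { r.bad_options = 1; break; }  /* no length byte */
        uint8_t olen = buf[i + 1];
        if (olen < 2 || i + olen > hlen) { r.bad_options = 1; break; }
        i += olen;
    }
    return r;
}

/* Constructed segment: 80 -> 1985, ACK, win 24616, data offset 7 (28 bytes);
 * options nop,nop,sackOK, then a timestamp claiming 10 bytes with 4 left. */
static const uint8_t sample_bad[28] = {
    0x00,0x50, 0x07,0xc1, 0,0,0,1, 0,0,0,1, 0x70,0x10, 0x60,0x28, 0,0, 0,0,
    0x01,0x01,0x04,0x02, 0x08,0x0a,0x00,0x00 };

int main(void)
{
    struct tcp_info r = decode_tcp(sample_bad, sizeof sample_bad);
    printf("%u -> %u bad_options=%d\n", (unsigned)r.sport, (unsigned)r.dport, r.bad_options);
    return 0;
}
```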





