[Snort-devel] add tcp port info on (snort_decoder) WARNING: TCP Data Offset is less than ... (snort240b18)

rmkml rmkml at ...879...
Fri Aug 5 02:53:58 EDT 2005


Hi,

Im receveid tcp packet with data offset less than 5,

ok snort240b18 event this :

08/04-13:48:52.684558  [**] [116:46:1] (snort_decoder) WARNING: TCP Data 
Offset is less than 5! [**] {TCP} 16.243.18.110:0 -> x.x.x.x:0

Possible add tcp port info if ip proto is tcp ?

looks tethereal information :
   1 13:48:51.084218 16.243.18.110 -> x.x.x.x TCP 3221 > 25 [RST] 
Seq=0 Ack=0 Win=0, bogus TCP header length (12, must be at least 20)

Regards
Rmkml




More information about the Snort-devel mailing list