[Snort-users] snort log interpretation
mstubbs at ...842...
Fri Nov 24 16:25:22 EST 2000
Several things snort typically complains about: truncated ethernet
truncated tcp header, and icmp port unreachable, I don't understand how
to evaluate these. So far I throw the info away because I can't tell if
anything or not. I take it that someone knows how to evaluate these or I
don't suppose snort would report on them otherwise. Anyone have any
to (free) information or books?
More information about the Snort-users