[Snort-users] snort log interpretation

robin stubbs mstubbs at ...842...
Fri Nov 24 16:25:22 EST 2000


Several things snort typically complains about: truncated ethernet header,
truncated tcp header, and icmp port unreachable, I don't understand how
to evaluate these. So far I throw the info away because I can't tell if
it means anything or not. I take it that someone knows how to evaluate
these or I don't suppose snort would report on them otherwise. Anyone have
any references to (free) information or books?


