[Snort-users] Sniffers Misbehaviors (MS Network Monitor & tcpdump)?

Ryan Russell ryan at ...35...
Tue Jan 2 13:31:56 EST 2001


On Wed, 3 Jan 2001, Fyodor wrote:

> Aha.. that explains why (with just committed change applied) sometimes I observe 6-bytes difference
> in legitimate packets. Shall we get rid of those warning messages then? :)
>

Dunno... I always thought it would be a fun covert channel to play with.
I wonder if it's always 0's or what.  Would make an interesting research
project.  The padding will only exist at layer 2... the IP stack will
typically never see it.

					Ryan
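
Added example, not part of the original message or of Snort: a Python sketch that extracts the layer-2 trailer discussed above (the bytes after the IPv4 datagram in an Ethernet II frame) and reports whether it is all zeros. The function names, the frame builder and the addresses are constructed for illustration; it assumes untagged Ethernet II frames captured without the FCS.

```python
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800

def ethernet_trailer(frame: bytes):
    """Bytes after the IPv4 datagram, or None if the frame is not untagged
    IPv4, is malformed, or was truncated by the capture (snaplen)."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ver_ihl = frame[ETH_HDR_LEN]
    if ethertype != ETHERTYPE_IPV4 or ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        return None
    (total_len,) = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])
    end = ETH_HDR_LEN + total_len
    if total_len < (ver_ihl & 0x0F) * 4 or end > len(frame):
        return None
    return frame[end:]  # layer 2 only: the IP stack stops at total_len

def classify(frame: bytes) -> str:
    """'skip', 'none', 'zero' or 'nonzero' (nonzero is worth a closer look)."""
    trailer = ethernet_trailer(frame)
    if trailer is None:
        return "skip"
    if not trailer:
        return "none"
    return "zero" if trailer.count(0) == len(trailer) else "nonzero"

def sample_frame(pad: bytes) -> bytes:
    """Constructed frame: 14-byte Ethernet header + 40-byte IPv4/TCP datagram
    (checksums left as zero, documentation addresses) + the given padding."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + bytes(20) + pad

if __name__ == "__main__":
    # A 54-byte frame padded to the 60-byte Ethernet minimum carries 6 pad bytes.
    for label, pad in [("zero pad", bytes(6)), ("odd pad", b"\x00\x00AB\x00\x00")]:
        frame = sample_frame(pad)
        print(label, len(frame), classify(frame), ethernet_trailer(frame).hex())
```
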




