[Snort-users] Sniffers Misbehaviors (MS Network Monitor & tcpdump)?
ryan at ...35...
Tue Jan 2 14:37:23 EST 2001
On Wed, 3 Jan 2001, Fyodor wrote:
> so here complain if buffer length is bigger that ETHERNET_MTU which is 1500 bytes. This conclusion
> (IMHO) actually isn't fully correct, other datalinks may have different MTU (normally smaller, but
> maybe there's a one which is not?).
FDDI is 4096. Don't remember what Toekn Ring is... I think it's bigger
than 1500. There's a spec for some giant Ethernet frames that goes to I
think 64K. Serial lines can be configured for all sorts of MTU. Lesse...
here's one doc, MS of all places:
Don't know what link layers Snort (libpcap?) intends to support... but
1500 is too small for a hard max.
More information about the Snort-users