[Snort-users] snort 1.7 on OpenBSD and null header length

Martin Roesch roesch at ...421...
Thu Jan 18 01:47:36 EST 2001


The header length for the NULL interface that you're listening on is
less than 4 bytes.  You can turn off this message by simply editing the
DecodeNullPkt() function in decode.c and commenting out the ErrorMessage
call at the bottom of the function.  I'm going to put a patch into the
program that will only allow this message to be sent when the -v flag is
set.

   -Marty

Todd Ransom wrote:
> 
> Can anyone tell me what this means?
> 
> Jan 14 21:47:38 heimdall snort: NULL header length < captured len! (0 bytes)
> Jan 14 21:48:08 heimdall last message repeated 22546 times
> Jan 14 21:50:09 heimdall last message repeated 86796 times
> Jan 14 22:00:10 heimdall last message repeated 422193 times
> Jan 14 22:10:12 heimdall last message repeated 425756 times
> Jan 14 22:20:12 heimdall last message repeated 418332 times
> Jan 14 22:30:13 heimdall last message repeated 421912 times
> Jan 14 22:40:14 heimdall last message repeated 421058 times
> Jan 14 22:50:15 heimdall last message repeated 420325 times
> Jan 14 23:00:17 heimdall last message repeated 419379 times
> Jan 14 23:10:18 heimdall last message repeated 425026 times
> Jan 14 23:20:18 heimdall last message repeated 422251 times
> Jan 14 23:30:19 heimdall last message repeated 424315 times
> Jan 14 23:40:20 heimdall last message repeated 409748 times
> Jan 14 23:50:21 heimdall last message repeated 408098 times
> Jan 15 00:00:22 heimdall last message repeated 409798 times
> Jan 15 00:10:23 heimdall last message repeated 421125 times
> [and on and on]
> 
> TR
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list