[Snort-users] Question about Incomplete Packet Fragments Discarded

Didier CONTIS dcontis at ...163...
Sun May 20 22:54:10 EDT 2001


I have started to run the last cvs version of Snort
for analyzing our gigabit uplink to our campus backbone.

I am getting dozen of incomplete packets fragments discarded
from the defrag plugin (see below)

I was wondering how I can turn off these messages ? Most of
the addresses appearing are legitimate address ? Should I be worried
with some kind of misconfiguration ?

Thanks in advance for any answer.

Didier.

[**] Incomplete Packet Fragments Discarded [**]
05/19-18:18:55.911524 130.207.A.B:0 -> 130.207.C.D:0
UDP TTL:254 TOS:0x0 ID:30430 IpLen:20 DgmLen:8336 DF
UDP header truncated

[**] Incomplete Packet Fragments Discarded [**]
05/19-18:19:09.991524 199.77.A.B:0 -> 130.207.E.F:0
UDP TTL:254 TOS:0x0 ID:30097 IpLen:20 DgmLen:8336 DF
UDP header truncated

[**] Incomplete Packet Fragments Discarded [**]
05/19-18:21:16.171524 199.77.C.D:0 -> 130.207.G.H:0
UDP TTL:254 TOS:0x0 ID:30212 IpLen:20 DgmLen:8336 DF
UDP header truncated





More information about the Snort-users mailing list