[Snort-users] [!] WARNING: Not IPv4 datagram! - huh?

John Sage jsage at ...2022...
Sun May 27 13:14:54 EDT 2001


What's this about?

It seems to show up in http packets, kinda at random...

<snip from http packets logged>
:
45 54 41 20 48 54 54 50 2D 45 51 55 49 56 3D 33  ETA HTTP-EQUIV=3
44 22 43 6F 6E 74 65 6E 74 2D 54 79 70 65 22 20  D"Content-Type"
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
43 4F 4E 54 45 4E 54 3D 33 44 22 74 65 78 74 2F  CONTENT=3D"text/
68 74 6D 6C 3B 20 3D 0D 0A 63 68 61 72 73 65 74  html; =..charset
:
20 0A 3C 41 20 48 52 45 46 3D 22 2F 66 61 71 2F   .<A HREF="/faq/
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
66 61 71 35 2E 68 74 6D 6C 23 34 22 3E 73 74 61  faq5.html#4">sta
:
41 41 0A 3C 41 20 48 52 45 46 3D 22 2F 66 61 71  AA.<A HREF="/faq
2F 66 61 71 35 2E 68 74 6D 6C 23 39 22 3E FA 6C  /faq5.html#9">.l
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
74 69 6D 6F 20 41 41 3C 2F 41 3E 3A 20 20 20 20  timo AA</A>:
32 31 2D 31 32 2D 32 30 30 30 0A 73 65 72 76 69  21-12-2000.servi
:
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
05/27-08:59:54.424966 143.108.23.3:80 -> 12.82.128.32:62232
TCP TTL:50 TOS:0x0 ID:36570 IpLen:20 DgmLen:44 DF
***A**S* Seq: 0xD2A94502  Ack: 0xB2FC9216  Win: 0x4470  TcpLen: 24
TCP Options (1) => MSS: 1460
:
05/27-09:19:24.672817 193.0.0.203:80 -> 12.82.128.32:62282
TCP TTL:48 TOS:0x0 ID:12316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE47968E8  Ack: 0xFC7D383B  Win: 0x6028  TcpLen: 32
[!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xc561])
[!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xc561])
TCP Options (3) => NOP NOP TS: 34889575 318946608
:
<end snip>

Any ideas?

- John

-- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."





More information about the Snort-users mailing list