[Snort-users] Embedded Fragment?

Daniel Holden dholden at ...2819...
Tue Feb 19 22:19:02 EST 2002


Can someone tell me (or point me to the docs) what the following means?

Feb 19 21:52:52 crow kernel: ipt_unclean: (embedded packet) Embedded
fragment.
Feb 19 21:52:51 crow kernel: IN=eth0 OUT= MAC=uglyMacAddressHere
SRC=192.5.4.146 DST=209.142.39.160 LEN=56 TOS=0x00 PREC=0x00 TTL=245
ID=22342 DF PROTO=ICMP TYPE=3 CODE=13 [SRC=209.142.39.160 DST=204.152.187.2
LEN=64 TOS=0x00 PREC=0x00 TTL=55 ID=47316 FRAG:64 PROTO=TCP ]

Thank you
Daniel Holden
dholden at ...2819...
http://www.idsb.net





More information about the Snort-users mailing list