[Snort-users] Captured data length < Ethernet header length

Mark Anderson cronus at ...4793...
Thu Jan 31 03:05:08 EST 2002

Forgive me if this has been discussed already but I am
a new subscriber to the list.

I'm running Snort Version 1.8.1-RELEASE (Build 74) which
is probably an old version but I haven't had the chance to
update it. I regularly get the following message in my

snort: Captured data length < Ethernet header length! (0 bytes)

I was hoping someone could shed some light on what 
it means. I'm not even sure how to write a snort rule to
determine which machine it in on the network thats
generating these packets. Or is it my copy of snort ?

Any help would be greatly appreciated.

Mark Anderson.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020131/fd45ead7/attachment.html>

More information about the Snort-users mailing list