[Snort-users] icmp: is this real?

Chris Green cmg at ...1935...
Sun Mar 31 19:32:04 EST 2002


John Sage <jsage at ...2022...> writes:

> Is this a _real_ icmp packet, or a ghost in the machine?
>
> Ths was in a portscan I got around midnight 03/30/02. It is in
> sequence with the IP ID ahead of it, and after..
>
> And it _didn't_ have the  Type: Code: ID: Seq:  data line as all other
> packets usually do..
>
> The DgmLen: is clearly bogus, unless snort is on crack..
>
> Oh yeah, snort 1.8.2 build 86, running on Linux 2.2.14.

Please upgrade to snort-stable off the downloads page on
www.snort.org.  That was fixed post 1.8.3

-- 
Chris Green <cmg at ...1935...>
Don't use a big word where a diminutive one will suffice.




More information about the Snort-users mailing list