[Snort-users] Possible Snort bug.

Glenn Larsson ichinin at ...5794...
Tue May 7 08:16:03 EDT 2002


Hi.

This happened when i moving files from System A to B

(The data i was moving at the time was an assortment of
 exploits, security tools, documents and images, but that
 shouldn't matter right?)

When i looked back at System B, this was pouring out on
the snort console:

"Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)"
 (and so on)

I tried to ping the system to see if it showed output of the
ICMP packet, but nope - it did not see my icmp traffic, it
appeared "locked" in a loop.

Tech Specs:
-----------
System A = AMD K6-2 350, NT Srv 4.0, SP4, Protocols:IP and IPX
System B = Intel Pentium 133, NT Srv 4.0, SP5, Protocols:IP and NetBEUI

Packet driver = WinPcap 2.3
Snort Version = 1.8.5 (Win32)
Commandline = Snort.exe -v -y -c snort.conf -l log

Anyone know why this could have happened?

Regards,
Glenn




More information about the Snort-users mailing list