[Snort-users] some strange alerts

dawnshade h-k at ...1975...
Wed Apr 16 00:04:06 EDT 2003


uderstand!!!

This ICQ traffic:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

IP header truncated! (18 bytes)
Not IPv4 datagram! ([ver: 0x0][len: 0x200])
04/16-10:59:00.144035 194.*.*.*:1283 -> 64.12.164.249:80
TCP TTL:126 TOS:0x0 ID:1628 IpLen:20 DgmLen:48 DF
******S* Seq: 0xC8254FA4  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

It bug or feature???


----------
Best regards,
 dawnshade                            mailto:h-k at ...1975...





More information about the Snort-users mailing list