[Snort-users] Bad Protocol?

Mike Koponick mike at ...7385...
Sun Jan 5 10:01:06 EST 2003


Now that I have decent loggin working, I'm getting some messages that appear
to be normal packets, but SNORT seems to think that something is wrong with
them. I think it might be a rule problem.. has anyone else seen this?

01/05-17:33:24.184929  [**] [118:1:1] (spp_conversation) Bad IP protocol!
[**] {UDP} 192.168.xx.xx:514 -> 192.168.xx.xx:514

Obviously, this is a SYSLOG message, which we do have a node on the network
logging to the snort box for syslog parsing.

This is what the packet looks like:

[**] (spp_conversation) Bad IP protocol! [**]
01/04-15:56:38.598158 192.168.xx.xx:514 -> 192.168.xx.xx:514
UDP TTL:255 TOS:0x0 ID:46088 IpLen:20 DgmLen:171

Thanks in advance for your help.

Mike





More information about the Snort-users mailing list