[Snort-users] TCP header length exceeds packet length

mouss usebsd at ...953...
Mon Nov 3 14:15:11 EST 2003

Erik Nyman wrote:
> Hi!
> I'm testing a tool built by extol
> (http://www.extol.com.my/news/warning/other/blaster_detection.htm) but I get
> this warning message that I don't understand.
> WARNING: TCP Header length exceeds packet length!
> I have searched for an explanation, but I can't find any.
> Anyone that can explain what to do about the PC that sends these packets?

May be the IP length has been written in host format instead of network 
format (so that would be a bug...?)
Are the ports set to zero or are they valid ports?

More information about the Snort-users mailing list