[Snort-users] Packet size in snort log
mkettler at ...4108...
Mon Nov 10 15:02:07 EST 2003
At 09:29 AM 11/10/2003, nick travis wrote:
>Below is section from my snort log, How can I figure out the size of
>this packet in bytes based off this info?
> > 11/10-08:58:30.639214 10.31.178.196:137 -> 10.31.179.255:137
> > UDP TTL:128 TOS:0x0 ID:54163 IpLen:20 DgmLen:78
> > Len: 50
Which length are you interested in? Ethernet, IP, or UDP? Packets have
different sizes depending what layer you are interested in.
This packet was a 78 byte IP packet, with 20 bytes of IP header, 8 bytes of
UDP header, and 50 bytes of UDP payload.
The IpLen: specifies the length of the IP header
The DgmLen: specifies the total length of the IP packet, including all IP
The Len: specifies the payload length, at the lowest layer that snort could
decode, which in this case is UDP.
Assuming ethernet headers and CRC of 18 bytes, the total on-ethernet-wire
size of the was 96 bytes, or 92 bytes without CRC.
More information about the Snort-users