[Snort-users] Question, probably really simple, but a question nonetheless
kjsmith at ...13166...
Fri Oct 7 08:28:51 EDT 2005
First off a little background with me. At the office, I'm pretty much the only one with Unix/Linux experience and my boss wanted me to set up snort to monitor traffic in basically areas that we would normally delete the traffic. Things that I am not good with, are TCP packet information (but I am learning). So bear with me if the questions are really easy ones to answer.
I have noticed from the Snort daily reports that I have been getting a lot more of the following warnings
95 184.108.40.206 220.127.116.11 (snort_decoder) WARNING: TCP Data Offset is less than 5!
Obviously the number (95 in this case) changes and the destination IP varies, but it is always 64.7.xxx.0. Should I be concerned about this increase (which is always from the same source)? What does this Offset mean and why is less than 5 so important to note? Any help would be great.
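
Added example, not part of the original post and not Snort's own code: the data offset is the 4-bit TCP header field that gives the header length in 32-bit words, so a value below 5 claims a header shorter than the 20-byte fixed part. The Python sketch below reads that field from a raw segment and flags the condition; `build_tcp_header` and `check_data_offset` are hypothetical helper names and the sample segments are constructed.

```python
import struct

# Minimum legal value: 5 words x 4 bytes = the 20-byte fixed TCP header.
MIN_DATA_OFFSET = 5


def build_tcp_header(sport, dport, data_offset, flags=0x02):
    """Build a constructed 20-byte TCP header (checksum left at 0)."""
    # Bytes 12-13: 4-bit data offset, reserved bits, then the flag bits.
    off_flags = ((data_offset & 0xF) << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0, off_flags, 8192, 0, 0)


def check_data_offset(segment):
    """Return (verdict, claimed_header_len_bytes) for a raw TCP segment."""
    if len(segment) < 20:
        return ("truncated", None)          # not even a fixed header present
    off_flags = struct.unpack_from("!H", segment, 12)[0]
    data_offset = off_flags >> 12           # top 4 bits of byte 12
    header_len = data_offset * 4            # field counts 32-bit words
    if data_offset < MIN_DATA_OFFSET:
        return ("offset_lt_5", header_len)  # header claims to be < 20 bytes
    if header_len > len(segment):
        return ("offset_past_end", header_len)  # options run past the data
    return ("ok", header_len)


if __name__ == "__main__":
    # Constructed samples: one normal SYN, one with a malformed offset.
    for name, seg in [
        ("normal", build_tcp_header(40000, 80, 5)),
        ("malformed", build_tcp_header(40000, 80, 3)),
    ]:
        print(name, check_data_offset(seg))
```

A segment that fails this check cannot be parsed as valid TCP, which is why a decoder reports it instead of passing it on to rule matching.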