[Snort-users] Strange Traffic Flow

Frank Knobbe frank at ...9761...
Fri Oct 14 18:23:57 EDT 2005


On Fri, 2005-10-14 at 21:15 -0400, Jeff Kell wrote:
> > That's normal. Google for "slow link detection domain controller".
> 
> [Some? Most? At least our] SAP/R3 applications send out big fat pings instead of tcp keepalives.  

Right, and certain OSes/devices use large ICMP packets for PMTU
discovery. But he clearly described his setup which involves a domain
controller.

BTW: Those ICMP packets include bitmap data that represent the Microsoft
logo. Feel free to google more on that ;)

Cheers,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051014/faa94e18/attachment.sig>


More information about the Snort-users mailing list