[Snort-users] Strange Traffic Flow
frank at ...9761...
Fri Oct 14 18:23:57 EDT 2005
On Fri, 2005-10-14 at 21:15 -0400, Jeff Kell wrote:
> > That's normal. Google for "slow link detection domain controller".
> [Some? Most? At least our] SAP/R3 applications send out big fat pings instead of tcp keepalives.
Right, and certain OSes/devices use large ICMP packets for PMTU
discovery. But he clearly described his setup which involves a domain
BTW: Those ICMP packets include bitmap data that represent the Microsoft
logo. Feel free to google more on that ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users