[Snort-users] why UDP disc acquire?

wkitty42 at ...14940...
Sat Jun 25 08:50:11 EDT 2016


On 06/25/2016 05:01 AM, Andrey Kiryukhin wrote:
> Why do you think that the UDP packet is malformed? Tools like wireshark, tcpdump and
> tcpreplay handle it correctly.  These packets only have a wrong checksum, but I
> disable checksum control in Snort by using the option "-k none".

a wrong checksum indicates several possible problems...

   malformed packet
   corrupted packet
   modified packet
   bad checksum formula

yes, some would say that the first three are the same thing but there are subtle 
differences... the first one is generated incorrectly, the second one has been 
damaged somewhere along the line and the third one has been modified somehow 
along the line...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
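
Added example, not part of the original message and not Snort code: a minimal IPv4 UDP checksum verifier (RFC 768 pseudo-header) run over constructed packets. It shows that a damaged payload and a changed address both surface as the same bad checksum, so the check alone does not say which of the causes listed above applies; the addresses, ports, payload and function names are assumptions made for the illustration.

```python
import socket
import struct

def fold16(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """RFC 768 checksum over the IPv4 pseudo-header plus the UDP segment."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 17, len(segment)))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]  # checksum field counted as zero
    return (~fold16(pseudo + zeroed) & 0xFFFF) or 0xFFFF  # a computed 0 is sent as 0xFFFF

def check_udp(src: str, dst: str, segment: bytes) -> str:
    """Classify a UDP segment as seen with the given IPv4 addresses."""
    if len(segment) < 8:
        return "truncated"
    _sport, _dport, length, stored = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        return "length-mismatch"
    if stored == 0:
        return "no-checksum"  # IPv4 sender did not compute one
    segment = segment[:length]
    return "ok" if stored == udp_checksum(src, dst, segment) else "bad-checksum"

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP segment with a correct checksum (for the constructed samples)."""
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = udp_checksum(src, dst, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload

# Constructed sample data (documentation addresses, not from the thread).
SRC, DST = "192.0.2.1", "192.0.2.10"
good = build_udp(SRC, DST, 40000, 53, b"constructed payload")
damaged = good[:-1] + bytes([good[-1] ^ 0x01])  # one payload bit flipped

if __name__ == "__main__":
    print(check_udp(SRC, DST, good))           # intact segment
    print(check_udp(SRC, DST, damaged))        # payload changed after checksumming
    print(check_udp(SRC, "192.0.2.20", good))  # address changed, checksum not updated
```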
