Snort mailing list archives

Previous By Date Next
Previous By Thread Next

bogus buffer length

From: Marcelo Gulin <listas () informatic-sa com ar>
Date: Thu, 23 Aug 2001 14:44:44 -0300
Hi!

  Need some help here. I'm running debian woody, kernel 2.2.19 w/ipchains and 
snort (1.7-9 .deb pkg).  

  'snort -dvi ppp0' dump lot of packets with ***AP*** flags (ACK/PSH flags 
set ON?) and ACK packets with the message "bogus buffer length (1440) for 
PrintNetData.....". Why????

thanks in advance
Marcelo

<1>
08/23-08:07:27.944882 200.5.123.21:80 -> 200.69.43.144:61246
TCP TTL:61 TOS:0x0 ID:22175 IpLen:20 DgmLen:60 DF
***AP*** Seq: 0x1970F312  Ack: 0x2EF7F0F1  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 262866058 16930700 
72 3E 3C 74 64 20 77 69                          r><td wi

<2>
08/23-08:07:27.940415 200.5.123.21:80 -> 200.69.43.144:61246
TCP TTL:61 TOS:0x0 ID:22172 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x1970E7CA  Ack: 0x2EF7F0F1  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 262866058 16930700 
Got bogus buffer length (1440) for PrintNetData, defaulting to 16 bytes!
48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D  HTTP/1.1 200 OK.
0A 44 61 74 65 3A 20 54 68 75 2C 20 32 33 20 41  .Date: Thu, 23 A
75 00 01±

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: