Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort 2.0.0rc4 openbsd 3.2 short udp packet complaints

From: Chris Green <cmg () sourcefire com>
Date: Mon, 14 Apr 2003 11:03:17 -0400
robin <mstubbs () facstaff wisc edu> writes:


I upgraded snort and I have to admit using the same config as I had
for snort 1.9.
Immediately as soon as the new version started it gave out
messages like 116:97:1 (snort_decoder): Short UDP packet, length field

payload length

(I doubt that this is the case.) It shows values like
router:0 -> broadcast:0 UDP TTL:2 TOS:0xC0 ID:0 IpLen:20 DgmLen:552
Len: 504


The decoder bails out quickly when it encounters an error so the print
outs will be less useful than normal.   If you can send me the packet
it alerted on (preferably in PCAP), I will see what was in error.  
-- 
Chris Green <cmg () sourcefire com>
This is my signature. There are many like it but this one is mine.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: