Snort mailing list archives
Question, probably really simple, but a question nonetheless
From: Kevin Smith <kjsmith () tm net>
Date: Fri, 07 Oct 2005 11:18:18 -0400
First off, a little background with me. At the office, I'm pretty much the only one with Unix/Linux experience and my boss wanted me to set up snort to monitor traffic in basically areas that we would normally delete the traffic. Things that I am not good with are TCP packet information (but I am learning). So bear with me if the questions are really easy ones to answer.

I have noticed from the Snort daily reports that I have been getting a lot more of the following warnings:

    95 61.133.3.47 64.7.160.0 (snort_decoder) WARNING: TCP Data Offset is less than 5!

Obviously the number (95 in this case) changes and the destination IP varies, but it is always 64.7.xxx.0. Should I be concerned about this increase (which is always from the same source)? What does this Offset mean and why is less than 5 so important to note? Any help would be great.
Thanks,
Kevin
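Added example, not part of the original post and not Snort's own code: the TCP data offset is the upper four bits of byte 12 of the TCP header and gives the header length in 32-bit words, so the fixed 20-byte header makes 5 the smallest valid value. The sketch below applies that check to constructed segments; the function names and verdict strings (other than the wording of the warning quoted above) are assumptions.

```python
import struct

TCP_MIN_WORDS = 5  # 5 x 32-bit words = 20 bytes, the fixed part of a TCP header


def check_tcp_data_offset(segment: bytes):
    """Return (offset_in_words, verdict) for a raw TCP segment (header + payload)."""
    if len(segment) < 20:
        return None, "truncated: fewer than 20 bytes captured"
    # Bytes 12-13 hold the 4-bit data offset, reserved bits, then the flags.
    off_flags, = struct.unpack_from("!H", segment, 12)
    words = off_flags >> 12
    if words < TCP_MIN_WORDS:
        # The header claims to be shorter than its own mandatory fields.
        return words, "invalid: data offset is less than 5"
    if words * 4 > len(segment):
        # The header claims options that run past the end of the segment.
        return words, "invalid: header length exceeds segment length"
    return words, "ok"


def build_segment(words: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample segment with the given data offset value."""
    # src port, dst port, seq, ack, offset+flags (SYN), window, checksum, urgent
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      (words << 12) | 0x002, 8192, 0, 0)
    options = b"\x01" * max(0, (words - 5) * 4)  # NOP option padding
    return hdr + options + payload


if __name__ == "__main__":
    # Constructed samples: a normal header, a header with options,
    # and two malformed offsets like the one the decoder warning reports.
    for words in (5, 8, 2, 0):
        print(words, check_tcp_data_offset(build_segment(words)))
```

A receiver cannot locate the payload in a segment whose offset is below 5, so normal TCP stacks do not emit such a value; it usually indicates corrupted or deliberately crafted traffic.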