Snort mailing list archives

Question about Incomplete Packet Fragments Discarded

From: "Didier CONTIS" <dcontis () bellsouth net>
Date: Sun, 20 May 2001 22:54:10 -0400



I have started to run the last cvs version of Snort
for analyzing our gigabit uplink to our campus backbone.

I am getting dozen of incomplete packets fragments discarded
from the defrag plugin (see below)

I was wondering how I can turn off these messages ? Most of
the addresses appearing are legitimate address ? Should I be worried
with some kind of misconfiguration ?

Thanks in advance for any answer.

Didier.

[**] Incomplete Packet Fragments Discarded [**]
05/19-18:18:55.911524 130.207.A.B:0 -> 130.207.C.D:0
UDP TTL:254 TOS:0x0 ID:30430 IpLen:20 DgmLen:8336 DF
UDP header truncated

[**] Incomplete Packet Fragments Discarded [**]
05/19-18:19:09.991524 199.77.A.B:0 -> 130.207.E.F:0
UDP TTL:254 TOS:0x0 ID:30097 IpLen:20 DgmLen:8336 DF
UDP header truncated

[**] Incomplete Packet Fragments Discarded [**]
05/19-18:21:16.171524 199.77.C.D:0 -> 130.207.G.H:0
UDP TTL:254 TOS:0x0 ID:30212 IpLen:20 DgmLen:8336 DF
UDP header truncated


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Question about Incomplete Packet Fragments Discarded Didier CONTIS (May 20)