Snort mailing list archives
bogus buffer length
From: Marcelo Gulin <listas () informatic-sa com ar>
Date: Thu, 23 Aug 2001 14:44:44 -0300
Hi! Need some help here. I'm running debian woody, kernel 2.2.19 w/ipchains and snort (1.7-9 .deb pkg). 'snort -dvi ppp0' dump lot of packets with ***AP*** flags (ACK/PSH flags set ON?) and ACK packets with the message "bogus buffer length (1440) for PrintNetData.....". Why???? thanks in advance Marcelo <1> 08/23-08:07:27.944882 200.5.123.21:80 -> 200.69.43.144:61246 TCP TTL:61 TOS:0x0 ID:22175 IpLen:20 DgmLen:60 DF ***AP*** Seq: 0x1970F312 Ack: 0x2EF7F0F1 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 262866058 16930700 72 3E 3C 74 64 20 77 69 r><td wi <2> 08/23-08:07:27.940415 200.5.123.21:80 -> 200.69.43.144:61246 TCP TTL:61 TOS:0x0 ID:22172 IpLen:20 DgmLen:1492 DF ***A**** Seq: 0x1970E7CA Ack: 0x2EF7F0F1 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 262866058 16930700 Got bogus buffer length (1440) for PrintNetData, defaulting to 16 bytes! 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D HTTP/1.1 200 OK. 0A 44 61 74 65 3A 20 54 68 75 2C 20 32 33 20 41 .Date: Thu, 23 A 75 00 01± _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- bogus buffer length Marcelo Gulin (Aug 23)