Possible Snort bug.

[Glenn Larsson <ichinin () swipnet se>]

Hi.

This happened when i moving files from System A to B

(The data i was moving at the time was an assortment of
 exploits, security tools, documents and images, but that
 shouldn't matter right?)

When i looked back at System B, this was pouring out on
the snort console:

"Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)
 Captured data lenght < Ethernet header lenght! (0 bytes)"
 (and so on)

I tried to ping the system to see if it showed output of the
ICMP packet, but nope - it did not see my icmp traffic, it
appeared "locked" in a loop.

Tech Specs:
-----------
System A = AMD K6-2 350, NT Srv 4.0, SP4, Protocols:IP and IPX
System B = Intel Pentium 133, NT Srv 4.0, SP5, Protocols:IP and NetBEUI

Packet driver = WinPcap 2.3
Snort Version = 1.8.5 (Win32)
Commandline = Snort.exe -v -y -c snort.conf -l log

Anyone know why this could have happened?

Regards,
Glenn

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users