Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: diff between IpLen and DgmLen?

From: "SW" <s.wun () thales-is com hk>
Date: Tue, 13 Aug 2002 13:27:56 +0800
How about TcpLen?
----- Original Message -----
From: "Matt Kettler" <mkettler () evi-inc com>
To: "SW" <s.wun () thales-is com hk>; <snort-users () lists sourceforge net>
Sent: Tuesday, August 13, 2002 12:22 PM
Subject: Re: [Snort-users] diff between IpLen and DgmLen?



IpLen (20 in most cases where no IP options are specifed) is the IP header
length. IP header options are rarely used, unlike TCP options which are
quite common. Very few routers will honor IP header options like
source-route nowdays.

dgmlen is the total datagram (packet) length.

Both values are contained in the IP header of all packets. the IPLen is a
4-bit value and is in increments of 4 bytes (ie, max header length = 15*4

=

60), the dgmlen is a 16bit field in bytes.

At 11:41 AM 8/13/2002 +0800, SW wrote:

Hi,

I found there are two diffferent length in each msg in the alert file.
What is the difference between IpLen and DgmLen?

Thanks
SW








-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: