Snort mailing list archives
Re: diff between IpLen and DgmLen?
From: "SW" <s.wun () thales-is com hk>
Date: Tue, 13 Aug 2002 15:09:58 +0800
is dgmlen the payload length? Thansk Sam ----- Original Message ----- From: "Matt Kettler" <mkettler () evi-inc com> To: "SW" <s.wun () thales-is com hk>; <snort-users () lists sourceforge net> Sent: Tuesday, August 13, 2002 12:22 PM Subject: Re: [Snort-users] diff between IpLen and DgmLen?
IpLen (20 in most cases where no IP options are specifed) is the IP header length. IP header options are rarely used, unlike TCP options which are quite common. Very few routers will honor IP header options like source-route nowdays. dgmlen is the total datagram (packet) length. Both values are contained in the IP header of all packets. the IPLen is a 4-bit value and is in increments of 4 bytes (ie, max header length = 15*4
=
60), the dgmlen is a 16bit field in bytes. At 11:41 AM 8/13/2002 +0800, SW wrote:Hi, I found there are two diffferent length in each msg in the alert file. What is the difference between IpLen and DgmLen? Thanks SW
------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- diff between IpLen and DgmLen? SW (Aug 12)
- Re: diff between IpLen and DgmLen? Matt Kettler (Aug 12)
- Re: diff between IpLen and DgmLen? SW (Aug 12)
- Re: diff between IpLen and DgmLen? SW (Aug 13)
- Re: diff between IpLen and DgmLen? Matt Kettler (Aug 13)
- Re: diff between IpLen and DgmLen? Matt Kettler (Aug 12)