Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Truncated UDP Header

From: "Koren, Alexander" <a.koren () broadnet-mediascape de>
Date: Sun, 21 Mar 2004 17:49:01 +0100
Hi there,

sometimes I get the following warning from Snort:

[**] (snort_decoder) WARNING: Truncated UDP Header! [**]
03/21-13:13:42.088423 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:0
UDP TTL:255 TOS:0x0 ID:31424 IpLen:20 DgmLen:20

That means that the UDP Header is less than 8 bytes, okay? But I wonder why
the source and destination port is 0. AFAIK port 0 is reserved for special
use as stated in RFC 1700. When you specify the source port of 0 when you
connect to a host, the OS automatically reassigns the port number to high
numbered ephemeral port.

Could some please explain me, what is exactly going on here (or post some
links)?

Thanks in advance,
Alex.


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: