Snort mailing list archives
Re: Incorrect IP Flags Values in database output.
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 15 Aug 2011 22:13:13 -0400
On 8/15/2011 20:24, kareem () khan net wrote:
You are right on the bits. All of them get affected. My only reference for what is expected in the database is the code for Base. In the base_payload.php file, the ip_frag field gets pulled out of the database and is used to create a PCAP. Since the data in that field is not the flags, the PCAP that is created is incorrect. So, my assumption was that the database would be holding the flags.
that doesn't sound too kosher... shouldn't a PCAP be the actual data on the wire? fragments and all?? yes, i understand that in some cases the fragments are reassembled into one large packet with flags and packet size supposedly adjusted to match but while this is a GoodThing<tm> in some cases, it would seem to be not all that proper in others...
Current thread:
- Incorrect IP Flags Values in database output. kareem (Aug 15)
- Fwd: [Snort-users] Incorrect IP Flags Values in database output. Joel Esler (Aug 15)
- Re: Incorrect IP Flags Values in database output. Russ Combs (Aug 15)
- Re: Incorrect IP Flags Values in database output. Joel Esler (Aug 15)
- Re: Incorrect IP Flags Values in database output. kareem (Aug 15)
- Re: Incorrect IP Flags Values in database output. Joel Esler (Aug 15)
- Re: Incorrect IP Flags Values in database output. beenph (Aug 15)
- Re: Incorrect IP Flags Values in database output. kareem (Aug 17)
- Re: Incorrect IP Flags Values in database output. beenph (Aug 17)
- Re: Incorrect IP Flags Values in database output. Joel Esler (Aug 15)
- Re: Incorrect IP Flags Values in database output. waldo kitty (Aug 15)