Snort mailing list archives

simple question on packet sizes

From: "James R. Hendrick" <Jim_Hendrick () KEANE-NNE com>
Date: Tue, 8 May 2001 15:14:42 -0400

Hi,


When looking at the output of snort, there are several (basic) fields that I
need some help understanding:

IpLen
TcpLen
DgmLen
Len

I am trying to determine the number of bytes in packets (of various types,
mostly TCP) that make up "payload" vs. "header" for various services and
must simply be missing something obvious (need more coffffeeeeee).

The part that confuses me is that I see DgmLen in TCP packets as well as UDP
and TcpLen in UDP packets as well as TCP. Can someone help me understand
which fields I will see for which protocols and what they represent?

Thanks!

Jim




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

simple question on packet sizes James R. Hendrick (May 08)
- Re: simple question on packet sizes Martin Roesch (May 27)