Snort mailing list archives

[!] WARNING: Not IPv4 datagram! - huh?


From: John Sage <jsage () finchhaven com>
Date: Sun, 27 May 2001 10:14:54 -0700

What's this about?

It seems to show up in http packets, kinda at random...

<snip from http packets logged>
:
45 54 41 20 48 54 54 50 2D 45 51 55 49 56 3D 33  ETA HTTP-EQUIV=3
44 22 43 6F 6E 74 65 6E 74 2D 54 79 70 65 22 20  D"Content-Type"
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
43 4F 4E 54 45 4E 54 3D 33 44 22 74 65 78 74 2F  CONTENT=3D"text/
68 74 6D 6C 3B 20 3D 0D 0A 63 68 61 72 73 65 74  html; =..charset
:
20 0A 3C 41 20 48 52 45 46 3D 22 2F 66 61 71 2F   .<A HREF="/faq/
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
66 61 71 35 2E 68 74 6D 6C 23 34 22 3E 73 74 61  faq5.html#4">sta
:
41 41 0A 3C 41 20 48 52 45 46 3D 22 2F 66 61 71  AA.<A HREF="/faq
2F 66 61 71 35 2E 68 74 6D 6C 23 39 22 3E FA 6C  /faq5.html#9">.l
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
74 69 6D 6F 20 41 41 3C 2F 41 3E 3A 20 20 20 20  timo AA</A>:
32 31 2D 31 32 2D 32 30 30 30 0A 73 65 72 76 69  21-12-2000.servi
:
[!] WARNING: Not IPv4 datagram! ([ver: 0x0][len: 0x0])
05/27-08:59:54.424966 143.108.23.3:80 -> 12.82.128.32:62232
TCP TTL:50 TOS:0x0 ID:36570 IpLen:20 DgmLen:44 DF
***A**S* Seq: 0xD2A94502  Ack: 0xB2FC9216  Win: 0x4470  TcpLen: 24
TCP Options (1) => MSS: 1460
:
05/27-09:19:24.672817 193.0.0.203:80 -> 12.82.128.32:62282
TCP TTL:48 TOS:0x0 ID:12316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE47968E8  Ack: 0xFC7D383B  Win: 0x6028  TcpLen: 32
[!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xc561])
[!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xc561])
TCP Options (3) => NOP NOP TS: 34889575 318946608
:
<end snip>

Any ideas?

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net