Re: tcpdump for [!] WARNING: Not IPv4 datagram! ([ver: 0x5][len: 0xdc05])]

[John Sage <jsage () finchhaven com>]

Max:

What was the question, again?

The "[!] WARNING: Not IPv4 datagram!" deal?

You are capturing to file with tcpdump -w (what libpcap version?) and
reading the packet captures back through snort? (what snort version?).

When I replay the attachment you posted through snort 1.8.7 build 128,
it replays perfectly.


- John
-- 
"Cowardly refusing to create an empty archive."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 



On Mon, Jul 22, 2002 at 11:53:29AM -0500, max valdez wrote:
> Subject: tcpdump for [!] WARNING: Not IPv4 datagram! ([ver: 0x5][len:
>       0xdc05])
> From: max valdez <max () garaged homeip net>
> To: snort-users () lists sourceforge net
> X-Mailer: Ximian Evolution 1.0.3 (1.0.3-6) 
> Date: 22 Jul 2002 11:52:24 -0500
>
> I sent last week an attachment from my box using tcpdump as capturer, I
> was stupid enought to make it too big to pass to the list, here is
> another again. 
>
> Thanks for your answer Chris, I hope the problem can be corrected
> easyly, I need to see my alerts again !! :-)
>
> Thanks in advance
> Max


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users