Snort mailing list archives

Re: TCP header length exceeds packet length

From: mouss <usebsd () free fr>
Date: Mon, 03 Nov 2003 23:14:44 +0100

Erik Nyman wrote:

Hi!

I'm testing a tool built by extol
(http://www.extol.com.my/news/warning/other/blaster_detection.htm) but I get
this warning message that I don't understand.

WARNING: TCP Header length exceeds packet length!

I have searched for an explanation, but I can't find any.

Anyone that can explain what to do about the PC that sends these packets?

May be the IP length has been written in host format instead of networkformat (so that would be a bug...?)

Are the ports set to zero or are they valid ports?



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

TCP header length exceeds packet length Erik Nyman (Nov 03)
- Re: TCP header length exceeds packet length Phil Wood (Nov 03)
- <Possible follow-ups>
- TCP header length exceeds packet length Erik Nyman (Nov 03)
  - Re: TCP header length exceeds packet length mouss (Nov 03)