Re: Truncated Tcp Options?

[Rich Adamson <radamson () routers com>]

Thanks Chris, that helps a bunch. Been doing professional protocol analysis
for the past twelve years or so, but this one sort of popped up without any
form of recognition in my over-55 brain. :(

> > Thanks for the reference. Are there any known stacks, apps, etc, that
> > are known to trip the alert, or does this option tend to be one of those
> > that might be more oriented towards FYI?
>
>
> FYI.  The RFC states that stacks must deal with these gracefully
> though some may not.
>
> It was added when I rewrote the TCP option parser and added support
> for just about tcp option representation condition. It's one of those
> things that was an FYI and then we could see if that was a common
> condition or not.  It usually just goes off on truncated frames AFAIK.




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users