Snort mailing list archives
Re: Strange Traffic Flow
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 14 Oct 2005 20:23:14 -0500
On Fri, 2005-10-14 at 21:15 -0400, Jeff Kell wrote:
That's normal. Google for "slow link detection domain controller". [Some? Most? At least our] SAP/R3 applications send out big fat pings instead of tcp keepalives.
Right, and certain OSes/devices use large ICMP packets for PMTU discovery. But he clearly described his setup which involves a domain controller.
BTW: Those ICMP packets include bitmap data that represent the Microsoft logo. Feel free to google more on that ;)
Cheers,
Frank