Snort mailing list archives

Question, probably really simple, but a question nonetheless


From: Kevin Smith <kjsmith () tm net>
Date: Fri, 07 Oct 2005 11:18:18 -0400

First off, a little background on me. At the office, I'm pretty much the only one with Unix/Linux experience, and my boss wanted me to set up Snort to monitor traffic in basically areas that we would normally delete the traffic. One thing that I am not good with is TCP packet information (but I am learning). So bear with me if the questions are really easy ones to answer.
I have noticed from the Snort daily reports that I have been getting a lot more of the following warnings:

95  61.133.3.47      64.7.160.0       (snort_decoder) WARNING: TCP Data Offset is less than 5!

Obviously the number (95 in this case) changes and the destination IP varies, but it is always 64.7.xxx.0. Should I be concerned about this increase (which is always from the same source)? What does this Offset mean and why is less than 5 so important to note? Any help would be great.
Thanks,
Kevin
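
For reference, an added example that is not part of the original post and is not Snort's own code: the warning concerns the 4-bit Data Offset field in the TCP header, which gives the header length in 32-bit words. The fixed TCP header is 20 bytes, so a value below 5 describes a header shorter than its own mandatory fields. The function name, error codes and sample headers below are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_MIN_WORDS        5     /* 5 words * 4 bytes = 20-byte fixed header */
#define TCP_ERR_TRUNCATED   (-1)   /* fewer than 20 bytes available */
#define TCP_ERR_OFFSET_LT_5 (-2)   /* Data Offset below the legal minimum */
#define TCP_ERR_OFFSET_BIG  (-3)   /* Data Offset points past the segment */

/* Hypothetical helper: returns the TCP header length in bytes,
 * or a negative TCP_ERR_* code if the Data Offset field is unusable. */
int tcp_header_len(const uint8_t *seg, size_t len)
{
    if (len < TCP_MIN_WORDS * 4)
        return TCP_ERR_TRUNCATED;

    /* Data Offset is the upper 4 bits of byte 12 of the TCP header. */
    unsigned words = seg[12] >> 4;

    if (words < TCP_MIN_WORDS)
        return TCP_ERR_OFFSET_LT_5;   /* the condition the decoder warning names */
    if ((size_t)words * 4 > len)
        return TCP_ERR_OFFSET_BIG;    /* claimed options run off the end */

    return (int)(words * 4);
}

/* Constructed sample headers: src port 1234, dst port 80, SYN set.
 * Only byte 12 (Data Offset in its high nibble) differs between them. */
static const uint8_t sample_ok[20]  = {0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,0,
                                       0x50,0x02,0x20,0x00, 0,0,0,0};
static const uint8_t sample_low[20] = {0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,0,
                                       0x20,0x02,0x20,0x00, 0,0,0,0};
static const uint8_t sample_big[20] = {0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,0,
                                       0xF0,0x02,0x20,0x00, 0,0,0,0};

int main(void)
{
    printf("offset 5  -> %d\n", tcp_header_len(sample_ok,  sizeof sample_ok));
    printf("offset 2  -> %d\n", tcp_header_len(sample_low, sizeof sample_low));
    printf("offset 15 -> %d\n", tcp_header_len(sample_big, sizeof sample_big));
    return 0;
}
```

A segment that fails this check cannot be parsed reliably past byte 12, because the boundary between the header and the payload is undefined.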


