Snort mailing list archives

Previous By Date Next
Previous By Thread Next

TCP session without 3-way handshake

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 03 May 2013 18:43:39 -0400

running snort 2.9.4.1


i'm seeing a lot of

[129:20:1] TCP session without 3-way handshake

coming from connections wit Google and Yahoo... i do not see this on my 
connections but it is being seen on other's connections...

there's also a lot of

[119:19:1] (http_inspect) LONG HEADER
[120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
[120:8:1] (http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE
[129:7:1] Limit on number of overlapping TCP packets reached
[129:12:1] Consecutive TCP small segments exceeding threshold
[129:15:1] Reset outside window

on the same connection from those same external sources...

how can this be?

could it be the result of dropped packets or something else?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: