Frank,
what is the MTU size of the interface you are using for receiving packets?
Regards, Luca
On 12/07/2010 02:15 PM, Eargle, Frank wrote:
I am seeing packets truncated with standard ethernet, as the
following shows:
**WARNING** packet truncated (12325->8232)
**WARNING** packet truncated (13746->8232)
Snort is not firing any of the malformed packet rules so I'm
pretty confident the packets are "stable". I hesitate to say
"correct".
Looking in the pbuf.c I see the following clip. Should the IP
only flag turn off the len condition or turn it on?
    if(myGlobals.runningPref.printIpOnly) {
      /* When we do Fibre Channel, the end of the packet contains EOF
       * information and so truncating it isn't a good idea.
       */
      if(len >= DEFAULT_SNAPLEN) len = DEFAULT_SNAPLEN-1;
    }
Any other ideas?
Frank Eargle II
Information Security Analyst
SC Computer Incident Response Team
The Division of State Information Technology (DSIT)
4430 Broad River Rd
Columbia, SC 29210
803-896-1650 SC-ISAC Response Center
803-896-0711 Direct Line
http://sc-isac.sc.gov
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev