[Oisf-devel] how to suricata alert when wrong ip length?
rmkml
rmkml at free.fr
Sun Jun 6 20:26:54 UTC 2010
Hi,
No alert with joigned pcap file, how to detect wrong ip length with suricata please?
Snort alert with:
06/04-10:18:28.332871 [**] [116:3:1] (snort_decoder) WARNING: IP dgm len < IP Hdr len! [**]
If you want, Im open a ticket?
Sorry if it's a stupid question!
Regards
Rmkml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suricatawrongiplen.pcap
Type: application/cap
Size: 100 bytes
Desc:
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20100606/8ac3f8e5/attachment.bin>
More information about the Oisf-devel
mailing list