Re: [Snort-users] Packet size in snort log
At 09:29 AM 11/10/2003, nick travis wrote:
>Below is a section from my snort log. How can I figure out the size of
>this packet in bytes based off this info?
>
>
> > 11/10-08:58:30.639214 10.31.178.196:137 -> 10.31.179.255:137
> > UDP TTL:128 TOS:0x0 ID:54163 IpLen:20 DgmLen:78
> > Len: 50

Which length are you interested in? Ethernet, IP, or UDP? Packets have different sizes depending on what layer you are interested in.

This packet was a 78 byte IP packet, with 20 bytes of IP header, 8 bytes of UDP header, and 50 bytes of UDP payload.

The IpLen: specifies the length of the IP header.
The DgmLen: specifies the total length of the IP packet, including all IP layer headers.
The Len: specifies the payload length, at the lowest layer that snort could decode, which in this case is UDP.

Assuming ethernet headers and CRC of 18 bytes, the total on-ethernet-wire size of the packet was 96 bytes, or 92 bytes without CRC.
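The arithmetic in the reply above, as an added Python example that is not part of the original thread: it parses the quoted UDP record and derives the size at each layer. The function name `packet_sizes` is hypothetical, and the 18 bytes of Ethernet overhead are split here as a 14-byte header plus a 4-byte CRC.

```python
import re

# From the reply: 18 bytes of Ethernet overhead. Assumed split: 14-byte
# header + 4-byte CRC. A UDP header is always 8 bytes.
ETH_HEADER, ETH_CRC, UDP_HEADER = 14, 4, 8

FIELD = re.compile(r"\b(IpLen|DgmLen|Len):\s*(\d+)")
PROTO = re.compile(r"^\s*(UDP|TCP|ICMP)\b", re.M)

# The record quoted in the thread.
SAMPLE = """11/10-08:58:30.639214 10.31.178.196:137 -> 10.31.179.255:137
UDP TTL:128 TOS:0x0 ID:54163 IpLen:20 DgmLen:78
Len: 50"""

def packet_sizes(record):
    """Return per-layer sizes in bytes for one Snort UDP log record."""
    proto = PROTO.search(record)
    if not proto or proto.group(1) != "UDP":
        raise ValueError("only UDP records are handled here")
    fields = {name: int(value) for name, value in FIELD.findall(record)}
    missing = {"IpLen", "DgmLen", "Len"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    ip_hdr, ip_total, payload = fields["IpLen"], fields["DgmLen"], fields["Len"]
    # Whatever DgmLen leaves after the IP header and payload must be the
    # UDP header; anything else means the record does not add up
    # (truncated log line, fragment, or a non-UDP record).
    udp_hdr = ip_total - ip_hdr - payload
    if udp_hdr != UDP_HEADER:
        raise ValueError(f"inconsistent lengths: {udp_hdr}-byte UDP header implied")
    return {
        "ip_header": ip_hdr,
        "udp_header": udp_hdr,
        "udp_payload": payload,
        "ip_packet": ip_total,
        "wire_no_crc": ip_total + ETH_HEADER,
        "wire_with_crc": ip_total + ETH_HEADER + ETH_CRC,
    }

if __name__ == "__main__":
    for layer, size in packet_sizes(SAMPLE).items():
        print(f"{layer:14} {size:3} bytes")
```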