Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: why UDP disc acquire?

From: wkitty42 () windstream net
Date: Sat, 25 Jun 2016 08:50:11 -0400
On 06/25/2016 05:01 AM, Andrey Kiryukhin wrote:

Why you think that udp packet malformed? Tools like wireshark, tcpdump and
tcpreplay handle it correctly.  This packets have only wrong checksum, but i
 disable checksum control in Snort by using option "-k none".


a wrong checksum indicates several possible problems...

   malformed packet
   corrupted packet
   modified packet
   bad checksum formula

yes, some would say that the first three are the same thing but there are subtle 
differences... the first one is generated incorrectly, the second one has been 
damaged somewhere along the line and the third one has been modified somehow 
along the line...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: