tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Bad TCP header len question

From: rmkml <rmkml () wanadoo fr>
Date: Thu, 8 Jul 2004 11:38:33 +0200 (CEST)
Hi,

I receive this packet,

but tcpdump not alarm this :

383:
08:40:18.127813 IP (tos 0x0, ttl 105, id 35774, offset 0, flags [none], length: 40) 61.153.209.26.80 > 2.3.4.166.16879: S [tcp sum ok] 3768285676:3768285696(20) ack 3053624288 win 8760 

372:
08:40:18.127813 61.153.209.26.80 > 2.3.4.166.16879: S [tcp sum ok] 3768285676:3768285696(20) ack 3053624288 win 8760 (ttl 105, id 35774, len 40) 

tethereal:
1 08:40:18.127813 61.153.209.26 -> 2.3.4.166 TCP 80 > 16879 [SYN, ACK] Seq=0 Ack=1 Win=8760, bogus TCP header length (0, must be at least 20) 

Possible add detect tcp header len pb in tcpdump ?

Regards

Rmkml () Wanadoo fr

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: