Wireshark · Ethereal-users: [Ethereal-users] Re: More info than frame size???

Ethereal-users: [Ethereal-users] Re: More info than frame size???

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Sun, 19 Jun 2005 03:32:15 -0400

Can you send an example capture that displays this issue.


On 6/18/05, Michael D. Berger <m.d.berger@xxxxxxxx> wrote:
> On RH, I have been capturing http packets with tethereal
> and examining them with ethereal.  In one obvious buffer
> overflow attack I found:
> 
>    Frame size = 1506
>    IP total length = 1492
>    NTLMSSP data size = 1044
> 
> The hex dump shows the NTLMSSP to be in >addition< to the
> ethernet frame size, which to me, does not make sense.
> The tethereal filter is:
>    tcp port 80
> There are continuation packets, but they do not contain
> the correct information.
> 
> Thanks for your help,
> Mike.
> 
> --
> Michael D. Berger
> m.d.berger@xxxxxxxx 
> 
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>

Follow-Ups:
- RE: [Ethereal-users] Re: More info than frame size???
  - From: Michael D. Berger

References:
- [Ethereal-users] More info than frame size???
  - From: Michael D. Berger

Prev by Date: [Ethereal-users] Re: Sniffer Hardware Suggestion?
Next by Date: [Ethereal-users] Re: Ethereal-users SNMP to show OID name instead of value
Previous by thread: [Ethereal-users] More info than frame size???
Next by thread: RE: [Ethereal-users] Re: More info than frame size???
Index(es):
- Date
- Thread