Wireshark · Ethereal-users: [Ethereal-users] More info than frame size???

Ethereal-users: [Ethereal-users] More info than frame size???

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Michael D. Berger" <m.d.berger@xxxxxxxx>

Date: Sat, 18 Jun 2005 09:56:19 -0400

On RH, I have been capturing http packets with tethereal
and examining them with ethereal.  In one obvious buffer
overflow attack I found:

   Frame size = 1506
   IP total length = 1492
   NTLMSSP data size = 1044

The hex dump shows the NTLMSSP to be in >addition< to the
ethernet frame size, which to me, does not make sense.
The tethereal filter is:
   tcp port 80
There are continuation packets, but they do not contain
the correct information.

Thanks for your help,
Mike.

--
Michael D. Berger
m.d.berger@xxxxxxxx

Follow-Ups:
- [Ethereal-users] Re: More info than frame size???
  - From: ronnie sahlberg

Prev by Date: Re: [Ethereal-users] Bogus IP Header
Next by Date: [Ethereal-users] Sniffer Hardware Suggestion?
Previous by thread: [Ethereal-users] libpcap_dev
Next by thread: [Ethereal-users] Re: More info than frame size???
Index(es):
- Date
- Thread