×

Error message

  • Unable to create CTools CSS cache directory. Check the permissions on your files directory.
  • Unable to create CTools CSS cache directory. Check the permissions on your files directory.

ospf packet length mismatch ?

Unanswered Question
Jan 9th, 2008
User Badges:

m getting thousands of hits on IDS with ospf packey length mismatch between two cisco routers..please let me know how to stop this...

thanks in advance

regards..

manik...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
marikakis Wed, 01/09/2008 - 09:53
User Badges:
  • Gold, 750 points or more

Hello,


Two cisco routers will not become OSPF neighbors if the MTU's on the neighboring interfaces are not the same. Please make sure the MTU's on those interfaces are the same.


Kind Regards,

M.

manikpalekar Wed, 01/09/2008 - 12:41
User Badges:

hello...both the routers are connected through L3 switch.they are neighbours with each other..

Thanks..

Manik

shrikar.dange Wed, 01/09/2008 - 20:36
User Badges:
  • Bronze, 100 points or more

Hi,

I do not think its a MTU issue.Because packet length says about the length of the ospf packet including header.

Check whether the configuration is same for both outers.Also see whetehr they are adjacent with each other.


HTH,


regards,

shri :)

s.arunkumar Wed, 01/09/2008 - 20:44
User Badges:
  • Bronze, 100 points or more

yes i support that the above post..

If ur ospf is working fine,i think it can happen any signature of low severity might be triggred in ids.can u check for the signature details of that event..

mounir.mohamed Thu, 01/10/2008 - 01:15
User Badges:
  • Gold, 750 points or more

Are your devices forming adjacency or not?


-If the MTU mismatched the adjacency will never come up, unless manually configured to be matched on both ends on the link (neighbors) or ignore the MTU check during adjacency negotiations


Example:

Router(config-if)#int g0/0

Router(config-if)#ip ospf mtu-ignore


If your devices already forming adjacency and u only observe packet length mismatch, If you read section 8.2 of RFC 2328, there is no place that says

That an OSPF router should make this check, and the OSPF header

Length will always be different than IP length


http://www.faqs.org/rfcs/rfc2328.html


Best Regards,

Mounir Mohamed

Actions

This Discussion