ospf packet length mismatch ?

Unanswered Question
Jan 9th, 2008

m getting thousands of hits on IDS with ospf packey length mismatch between two cisco routers..please let me know how to stop this...

thanks in advance



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
marikakis Wed, 01/09/2008 - 09:53


Two cisco routers will not become OSPF neighbors if the MTU's on the neighboring interfaces are not the same. Please make sure the MTU's on those interfaces are the same.

Kind Regards,


manikpalekar Wed, 01/09/2008 - 12:41

hello...both the routers are connected through L3 switch.they are neighbours with each other..



shrikar.dange Wed, 01/09/2008 - 20:36


I do not think its a MTU issue.Because packet length says about the length of the ospf packet including header.

Check whether the configuration is same for both outers.Also see whetehr they are adjacent with each other.



shri :)

s.arunkumar Wed, 01/09/2008 - 20:44

yes i support that the above post..

If ur ospf is working fine,i think it can happen any signature of low severity might be triggred in ids.can u check for the signature details of that event..

mounir.mohamed Thu, 01/10/2008 - 01:15

Are your devices forming adjacency or not?

-If the MTU mismatched the adjacency will never come up, unless manually configured to be matched on both ends on the link (neighbors) or ignore the MTU check during adjacency negotiations


Router(config-if)#int g0/0

Router(config-if)#ip ospf mtu-ignore

If your devices already forming adjacency and u only observe packet length mismatch, If you read section 8.2 of RFC 2328, there is no place that says

That an OSPF router should make this check, and the OSPF header

Length will always be different than IP length


Best Regards,

Mounir Mohamed


This Discussion