Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tcp flags

From: Chris Green <cmg () uab edu>
Date: Thu, 28 Feb 2002 14:22:07 -0600
"Basil Saragoza" <snortlst () hotmail com> writes:


I looked at the rules and noticed that quite often tcp flag set to flags:A+
I used to think that tcp flags were:
SYN (s), ACK (ack),  FIN (f), RESET (r), PUSH (p), URGENT (urg), and
Placeholder (.).

What is A+ as tcp flag? Are there any others I'm not aware of?
thx.


http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.13

A is ack; + means ACK plus anything else.
-- 
Chris Green <cmg () uab edu>
Eschew obfuscation.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: