Snort mailing list archives
RE: fragbits option
From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Wed, 27 Mar 2002 15:28:15 -0500
I'm testing using the fragbits option and have read the doc on writing rules. I'm trying to figure out my options when using the fragbits option. When is a "+" sign used and when is it not? For example, what's the difference between: fragbits: D and fragbits: D+
The "+" tells snort to look for the specified fragment or reserve bit plus any other. examples: fragbits: D -> ONLY the "Don't Fragment" flag fragbits: D+ -> "Don't Fragment" flag PLUS any other i.e. RB - "Reserved Bit" Hope this helps, - Jeff _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- fragbits option Sheahan, Paul (PCLN-NW) (Mar 27)
- Re: fragbits option Erek Adams (Mar 27)
- <Possible follow-ups>
- RE: fragbits option Wirth, Jeff (Mar 27)