Re: TCP reserved flags: which is it?

[John Sage <jsage () finchhaven com>]

On Sun, Jul 21, 2002 at 03:55:30PM +1000, Chris Keladis wrote:
> Hi John,
>
> The flags represent the same.
>
> It just seems like ACID prints them out in a different order.
>
> You still have reserved flags 1 and 2 set, regardless if you read them 
> as 2 and 1.

OK:

So "1" represents "..The CWR flag is assigned to Bit 8 in the
Reserved field of the TCP header.."

And "2" represents "..Bit 9 in the Reserved field of the
   TCP header [and] is designated as the ECN-Echo flag.."

(ftp://ftp.isi.edu/in-notes/rfc2481.txt - which was obsoleted by
ftp://ftp.isi.edu/in-notes/rfc3168.txt)


or,

  0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|               |               | C | E | U | A | P | R | S | F |
| Header Length |    Reserved   | W | C | R | C | S | S | Y | I |
|               |               | R | E | G | K | H | T | N | N |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

(ftp://ftp.isi.edu/in-notes/rfc3168.txt)


OK?

Cool.


- John
-- 
"Obviously, we do not want to leave zombies around."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users