Snort mailing list archives

Re: snort_decoder

From: MH <procana () insight rr com>
Date: Fri, 02 May 2003 06:54:47 -0400

Hi Brian,

It is not an error.

Check out post:http://marc.theaimsgroup.com/?l=snort-users&m=105183409225588&w=2


FYI: The CCNEW option is triggering this alert.

Hope this helps,
Mike




At 04:00 PM 5/1/2003 -0700, Bryan Irvine wrote:

Does this look familiar to anyone?
What kind of error is this?  I can't find it in the rules anywhere, so I
assume it's coming directly from snort somehow.



[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/01-15:01:41.513461 205.229.151.150:0 -> 64.1.201.147:0
TCP TTL:49 TOS:0x0 ID:50137 IpLen:20 DgmLen:68
******S* Seq: 0x839CCEA2  Ack: 0x0  Win: 0x4000  TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 9875582 0 NOP
TCP Options => NOP CCNEW: 923253



--Bryan




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort_decoder Bryan Irvine (May 01)
- Re: snort_decoder Erick Mechler (May 01)
- Re: snort_decoder MH (May 02)