Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Window Size

From: Andy Wood <andy.wood () sptrm com>
Date: Thu, 19 Jun 2003 16:36:22 -0400
        Can rules be written to detect a certain WINDOW size (See below
kernel msg(not sure if WINDOW=dsize))

Jun 17 06:59:57 darkgate kernel: TCP DROP: IN=br0 OUT=br0 PHYSIN=eth0
PHYSOUT=eth1 SRC=54.209.165.71 DST=216.216.216.216 LEN=52 TOS=0x00 PREC=0x00
TTL=99 ID=57300 PROTO=TCP SPT=56102 DPT=55533 WINDOW=55808 RES=0x00 SYN
URGP=0

        Thanks, 
        Andy


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: