Snort mailing list archives
Re: orig_tcph in Packet structure
From: Steven Sturges <steve.sturges () sourcefire com>
Date: Fri, 19 Nov 2010 18:31:10 -0500
That is correct. It is used for logging purposes as well as in portscan detection correlating original packets to ICMP responses of the port unreachable variety.

On 11/19/2010 11:04 AM, snort user wrote:
Hello all,
The Packet structure has a member - orig_tcph - which in my understanding is only used when a tcp header is embedded inside an ICMP header. Is there any other reason/use for this?
Thanks

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel