Unified Logging (PKT_STREAM_TWH & PKT_FROM_CLIENT)

[Christopher Granger <chrisgrangerx () gmail com>]

Hi Snort  Dev,



Regarding Unified logging & Packet Flags, can you answer this question,
please?



If the Packet Flags bit 0x00000020 is set (referenced below from decode.h)



define PKT_STREAM_TWH                         0x00000020  /* packet
completes the 3-way handshake */

define PKT_FROM_CLIENT                        0x00000080  /* this packet
came from the client


should flag 0x00000080 always also be set?

Based on log sampling I've done, this seems to be the case -- i.e.
while0x00000080 may be set alone, whenever 0x00000020 is set,
0x00000080 is also
set.

Thank you,
-Chris

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!