Snort mailing list archives

Previous By Date Next
Previous By Thread Next

TCP Window Question

From: <jess () jessland net>
Date: Fri, 1 Jun 2001 15:08:47 -0400 (EDT)
        Hi, folks.

        While parsing through some printed detects, I found TCP SYN
pkts with window sizes of 512 and 1024. Those are supposed to come from
old versions of NT, Solaris or Linux.

        I know it's quite unusual to find such small window sizes (TCP
stacks nowadays default to much higher windows sizes:
http://project.honeynet.org/papers/finger/traces.txt), unless
the system is very busy, when the window sizes can drop to even 0.

        I was just wandering if anyone knew of a TCP stack which defaults
to such small values or any reason other than the above that can lead to
them.

        Cheers,

        JESS


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: