Snort mailing list archives

TCP flags


From: David Hondel <dhondel () eci2 com>
Date: Tue, 16 Oct 2001 15:57:55 -0400

This is probably an easy one, but I can't seem to find it....

When running snort (with -dev), there are 8 asterisks for flags (one is a
letter, to denote the presence of a flag, I presume).

Are these spelled out anywhere?

example:

10/16-10:23:46.905044 0A:BC:DE:F0:AB:CD -> CD:EF:0A:BC:DE:F0 type:0x800 len:0x3c
10.0.0.1 -> 10.0.0.2 TCP TTL:127 TOS:0x0 ID:41350 IpLen:20 DgmLen:40
*****R**  Seq: 0x6D08BBFF  Ack: 0x6D08BBFF  Win: 0x0  TcpLen: 20


Thanks,

David 
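
A decoder for the eight-column flag field asked about above, as an added example that is not part of the original post or of Snort's own code. It assumes the column order `12UAPRSF` (two reserved bits, then URG, ACK, PSH, RST, SYN, FIN), which matches the `R` in the sixth column of the posted line; the function names are hypothetical.

```python
import re

# Assumption: columns run from the high bit of the TCP flag byte to the low
# bit: reserved 1, reserved 2, URG, ACK, PSH, RST, SYN, FIN.
LAYOUT = "12UAPRSF"
NAMES = ["RES1", "RES2", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

TCP_LINE = re.compile(
    r"^(?P<flags>[*0-9A-Za-z]{8})\s+Seq:\s*0x(?P<seq>[0-9A-Fa-f]+)\s+"
    r"Ack:\s*0x(?P<ack>[0-9A-Fa-f]+)\s+Win:\s*0x(?P<win>[0-9A-Fa-f]+)\s+"
    r"TcpLen:\s*(?P<tcplen>\d+)"
)

def decode_flags(field):
    """Return (flag byte, flag names) for a field such as '*****R**'."""
    if len(field) != len(LAYOUT):
        raise ValueError(f"expected 8 columns, got {len(field)}: {field!r}")
    value, names = 0, []
    for pos, (seen, expected) in enumerate(zip(field, LAYOUT)):
        if seen == "*":
            continue  # flag not set
        if seen != expected:
            # A letter in the wrong column means the log was written with a
            # different column order; refuse to guess rather than mis-decode.
            raise ValueError(
                f"column {pos + 1}: got {seen!r}, expected {expected!r} or '*'")
        value |= 0x80 >> pos
        names.append(NAMES[pos])
    return value, names

def parse_tcp_line(line):
    """Parse the TCP header line of the packet dump into numeric fields."""
    m = TCP_LINE.match(line.strip())
    if m is None:
        raise ValueError("not a TCP header line")
    value, names = decode_flags(m["flags"])
    return {"flags": value, "names": names,
            "seq": int(m["seq"], 16), "ack": int(m["ack"], 16),
            "win": int(m["win"], 16), "tcplen": int(m["tcplen"])}

if __name__ == "__main__":
    # The TCP header line from the post above.
    sample = "*****R**  Seq: 0x6D08BBFF  Ack: 0x6D08BBFF  Win: 0x0  TcpLen: 20"
    print(parse_tcp_line(sample))
```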
