Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: flags SYN question...

From: Brian <bmc () snort org>
Date: Fri, 5 Dec 2003 10:45:25 -0500
On Thu, Dec 04, 2003 at 09:58:03AM -0800, gfyspf () yahoo com wrote:

Could someone please tell me what the 12 stands for in the following
line:

flags:S,12  and are there other numbers if so what are they used for?
I have been searching all the documentation and can't find much info
on it.  


The detection option "flags:S,12;" means, look for just the syn flag,
ignoring the first and second reserved bit.

Brian


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: