Snort mailing list archives

TCP Flags & MySQL


From: Paul.Melson () priority-health com
Date: Mon, 10 Apr 2006 11:16:53 -0400

I have a Snort sensor logging to a MySQL database which is front-ended
by a commercial application that allows for packet payload retrieval.

This weekend, the system recorded a large number of "TCP port 0" alerts,
and as expected it didn't record a payload.  However, it did record
tcp_flags and tcp_win.  However, I am having difficulty interpreting the
raw values in the tcphdr table into usable data.  Can someone point me
to a doc that explains these values, or if I tell you that the tcp_flags
values I see most often are 2 and 18, can you tell me which flags are
set?

Thanks,
PaulM
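Decoding the values asked about, as an added example that is not part of the original post: Snort's tcphdr.tcp_flags column holds the raw TCP flags octet, so each value is a bitmask whose bit positions are those of RFC 793 (FIN, SYN, RST, PSH, ACK, URG) and RFC 3168 (ECE, CWR). The sample rows below are constructed, and `summarize` is a hypothetical helper standing in for whatever query front-end is in use.

```python
from collections import Counter

# Bit positions of the TCP flags octet, lowest bit first (RFC 793 / RFC 3168).
TCP_FLAG_BITS = (
    (0x01, "FIN"),
    (0x02, "SYN"),
    (0x04, "RST"),
    (0x08, "PSH"),
    (0x10, "ACK"),
    (0x20, "URG"),
    (0x40, "ECE"),
    (0x80, "CWR"),
)


def decode_tcp_flags(value):
    """Return the names of the flags set in one raw tcp_flags byte (0-255)."""
    if not 0 <= value <= 255:
        raise ValueError("tcp_flags must be a single unsigned byte")
    return [name for bit, name in TCP_FLAG_BITS if value & bit]


def flags_to_string(value):
    """Render a tcp_flags byte as e.g. 'SYN,ACK'; 0 becomes 'NONE'."""
    return ",".join(decode_tcp_flags(value)) or "NONE"


# Constructed sample rows, shaped like the (tcp_flags, tcp_win) pairs a
# SELECT against the tcphdr table would return. tcp_win is the advertised
# window in bytes and needs no decoding.
SAMPLE_ROWS = [(2, 5840), (2, 5840), (18, 65535), (2, 16384), (18, 5792), (4, 0)]


def summarize(rows):
    """Count alerts per flag combination so a burst can be read at a glance."""
    return dict(Counter(flags_to_string(flags) for flags, _win in rows))


if __name__ == "__main__":
    for raw in (2, 18):
        print(f"tcp_flags={raw:3d} -> {flags_to_string(raw)}")
    print(summarize(SAMPLE_ROWS))
```

The same decoding works directly in MySQL with a bitwise AND, for example `WHERE tcp_flags & 2` selects rows with SYN set.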
