Snort mailing list archives

Re: orig_tcph in Packet structure


From: Steven Sturges <steve.sturges () sourcefire com>
Date: Fri, 19 Nov 2010 18:31:10 -0500

That is correct.

It is used for logging purposes as well as in portscan detection
correlating original packets to ICMP responses of the port
unreachable variety.

On 11/19/2010 11:04 AM, snort user wrote:
Hello all,

The Packet structure has a member - orig_tcph - which in my
understanding is only used when a tcp header is embedded inside an
ICMP header.

Is there any other reason/use for this?


Thanks

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
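
The case discussed in this thread, a TCP header quoted inside an ICMP error, can be decoded as in the following added example. It is not Snort source and not part of the original messages; the struct, function names and sample bytes are hypothetical and constructed for illustration. RFC 792 only guarantees the quoted IP header plus 8 bytes of the original datagram, so only the TCP ports and sequence number are read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this example; it is not Snort's Packet struct. */
struct orig_tcp_info {
    uint8_t  icmp_code;
    uint32_t src_ip, dst_ip;        /* host byte order */
    uint16_t src_port, dst_port;
    uint32_t seq;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* buf points at the ICMP header. Returns 0 on success, -1 if the message is
 * not a destination-unreachable quoting an IPv4/TCP packet, or is truncated. */
int parse_icmp_embedded_tcp(const uint8_t *buf, size_t len, struct orig_tcp_info *out)
{
    if (len < 8 || buf[0] != 3) return -1;               /* type 3 = dest unreachable */
    const uint8_t *ip = buf + 8;                         /* quoted original IP header */
    size_t remaining = len - 8;
    if (remaining < 20 || (ip[0] >> 4) != 4) return -1;  /* need a full IPv4 header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || remaining < ihl + 8) return -1;      /* header + 8 bytes of TCP */
    if (ip[9] != 6) return -1;                           /* quoted protocol must be TCP */
    const uint8_t *tcp = ip + ihl;                       /* the "original" TCP header */
    out->icmp_code = buf[1];
    out->src_ip    = rd32(ip + 12);
    out->dst_ip    = rd32(ip + 16);
    out->src_port  = rd16(tcp);
    out->dst_port  = rd16(tcp + 2);
    out->seq       = rd32(tcp + 4);
    return 0;
}

/* Constructed sample: ICMP type 3 code 3 quoting 192.0.2.10:40000 -> 198.51.100.7:23 */
static const uint8_t sample_icmp[] = {
    0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,              /* ICMP header */
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06,  /* IPv4, proto 6 */
    0x00, 0x00, 0xc0, 0x00, 0x02, 0x0a, 0xc6, 0x33, 0x64, 0x07,
    0x9c, 0x40, 0x00, 0x17, 0x11, 0x22, 0x33, 0x44               /* first 8 TCP bytes */
};

int main(void)
{
    struct orig_tcp_info t;
    if (parse_icmp_embedded_tcp(sample_icmp, sizeof sample_icmp, &t) == 0)
        printf("code=%u quoted TCP %u -> %u seq=0x%08x\n", (unsigned)t.icmp_code,
               (unsigned)t.src_port, (unsigned)t.dst_port, (unsigned)t.seq);
    return 0;
}
```

The quoted source address, ports and sequence number are the fields that let a detector match the ICMP response back to the packet that triggered it.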



