Re: TCP session without 3-way handshake - Snort 2.9.4.5

[Greg Williams <gwillia5 () uccs edu>]

What part of the TCP session is not making it?  Is there any packet capture?  Sounds like a SYN attack, but not really 
an attack if it’s just a few of them.  Look at the ACKs and sequence numbers if you have those.  They should provide a 
clue as to what is happening with the handshake.  I’ll plan on updating my code in a few days and see if I get any hits 
on this too.  I typically have 5000 hosts online at any given time so I should be able to see the same thing and run a 
packet capture.

From: Nathan Page [mailto:nwpage () nathanpage com]
Sent: Tuesday, May 14, 2013 7:37 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] TCP session without 3-way handshake - Snort 2.9.4.5

Can someone tell me were I can find more out about the ‘TCP session without 3-way handshake’ error. I am getting a lot 
of these.

Thanks

Nathan

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!