Re: TCP flags issue

[Balasubramaniam Natarajan <bala150985 () gmail com>]

On Wed, Feb 4, 2015 at 3:12 AM, sajjad purmohseni <spurmohseni () yahoo com>
wrote:

> Hi all
>
>
>
> As you know TCP has 9 flags. But as you see TCP flags of snort is 8 bits
> defined in *sf_snort_packet.h* file:
>
> For all I know TCP has just 6 Flags in use currently.


> typedef struct _TCPHeader
> {
> ...
>     uint8_t flags;
> ...
> } TCPHeader;
>
> also predefinded flags are 9 bits as must be:
>
> #define TCPHEADER_FIN  0x01
> #define TCPHEADER_SYN  0x02
> ...
>
> Now I am confused if I want to check TCP_SYN flag; how to do that. I have
> used this but it doesn't return correct answer:
>
> I believe the 13 offset of TCP header should be 0x03 for SYN&FIN.


> if (packet->tcp_header->flags & TCPHEADER_SYN){
>     ...
> }
>
> Can anybody guide me about this issue? Thank you.
>
> ----
> kind regards;
> Sajad Pourmohseni
>
> --
Regards,
Balasubramaniam Natarajan
http://blog.etutorshop.com

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!