Snort mailing list archives

Re: Urgent Pointer


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Thu, 30 Jun 2016 17:49:54 +0000

Offset is used for content.

Try this:

For flags: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION00468000000000000000

For ack number: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004612000000000000000


Thanks.

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Email: allewi () cisco com

On 6/30/16, 1:29 PM, "Pittigher, Raymond" <RPITTIGH () harris com> wrote:

I am trying, but have not succeeded yet, to read data in the "urgent pointer" or "acknowledgement number" fields. I am 
trying with the offset option assuming it must be a negative number? I am using snort on the command line with a pcap 
file. Anybody ever do this?
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
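
Added example (not part of the original thread, and not Snort code): a Python decoder for the fixed TCP header, showing that the acknowledgement number and urgent pointer sit in the header, ahead of the payload bytes that content matching with an offset works on. The function names and the sample segment are constructed for illustration.

```python
import struct

# TCP flag bits from RFC 793. URG marks the urgent pointer as significant.
URG, ACK, PSH = 0x20, 0x10, 0x08


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and split off the payload."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # sport, dport, seq, ack, data offset + flags, window, checksum, urgent ptr
    (_sport, _dport, _seq, ack, off_flags,
     _window, _checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    flags = off_flags & 0x3F
    return {
        "ack_number": ack,                 # header bytes 8..11
        "ack_flag": bool(flags & ACK),
        "urg_flag": bool(flags & URG),
        "urgent_pointer": urg_ptr,         # header bytes 18..19
        "header_len": header_len,
        # Payload starts after the header and any TCP options; payload
        # content matching never sees the header fields decoded above.
        "payload": segment[header_len:],
    }


def urgent_pointer_without_urg(segment: bytes) -> bool:
    """Hypothetical helper: non-zero urgent pointer while URG is clear."""
    fields = parse_tcp_header(segment)
    return fields["urgent_pointer"] != 0 and not fields["urg_flag"]


# Constructed sample: 20-byte header (data offset 5), URG|ACK|PSH set.
SAMPLE = struct.pack("!HHIIHHHH", 40000, 80, 1, 0x11223344,
                     (5 << 12) | URG | ACK | PSH, 8192, 0, 3) + b"GET /"

# Constructed sample: 24-byte header (4 option bytes), ACK only, pointer set.
SAMPLE_NO_URG = struct.pack("!HHIIHHHH", 40000, 80, 1, 7,
                            (6 << 12) | ACK, 8192, 0, 9) + b"\x01\x01\x01\x01" + b"hi"

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE))
    print(urgent_pointer_without_urg(SAMPLE_NO_URG))
```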