Snort mailing list archives
Question about "stream5: TCP 4-way handshake detected"
From: agustin larrarte via Snort-users <snort-users () lists snort org>
Date: Wed, 1 Nov 2017 12:22:11 -0300
Hi,

I would like to ask for advice on this alert. We are receiving many alerts from one unique IP address on our environment for this event. We have been looking for documentation or aid online trying to figure out what this alert event means, but we can't find anything Snort-related.

Is this related to the 4-way TCP close connection handshake? Why is this alert being triggered?

Here is a screenshot of Snorby showing the alert: [image: Inline image 1]

Thank you, as always