Snort mailing list archives
RE: TCP flags
From: Joshua Wright <Joshua.Wright () jwu edu>
Date: Wed, 17 Oct 2001 07:53:20 -0400
David,

(U)RG: Urgent Pointer field significant
(A)CK: Acknowledgment field significant
(P)SH: Push Function
(R)ST: Reset the connection
(S)YN: Synchronize sequence numbers
(F)IN: No more data from sender

and two "unused" fields.

If you don't already own it, I recommend purchasing "TCP/IP Illustrated, volume 1" by Dr. Richard Stevens. It is an invaluable reference for anyone involved with networking, systems administration or information security.

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright () jwu edu

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

-----Original Message-----
From: David Hondel [mailto:dhondel () eci2 com]
Sent: Tuesday, October 16, 2001 3:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] TCP flags

This is probably an easy one, but I can't seem to find it....

When running snort (with -dev), there are 8 asterisks for flags (one is a letter, to denote the presence of a flag, I presume). Are these spelled out anywhere?

example:

10/16-10:23:46.905044 0A:BC:DE:F0:AB:CD -> CD:EF:0A:BC:DE:F0 type:0x800 len:0x3c
10.0.0.1 -> 10.0.0.2 TCP TTL:127 TOS:0x0 ID:41350 IpLen:20 DgmLen:40
*****R** Seq: 0x6D08BBFF Ack: 0x6D08BBFF Win: 0x0 TcpLen: 20

Thanks,
David

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
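Added example (not part of the original messages and not Snort's own code): a small Python decoder for the 8-character flag field in the decoded output quoted above. It assumes the field runs from the most significant bit of the TCP flags byte to the least (two reserved bits, then URG, ACK, PSH, RST, SYN, FIN); the function names and the anomaly checks are illustrative choices.

```python
import re

# Position in the 8-character field -> flag name, most significant bit first.
# The two leading "unused" bits were later assigned to ECN (CWR/ECE) by RFC 3168.
NAMES = ("reserved-0x80", "reserved-0x40", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

# The flag field is the 8-character token directly before "Seq:" in the output.
FLAG_FIELD = re.compile(r"(?<!\S)([*A-Z0-9]{8})(?=\s+Seq:)")


def decode_flag_field(field):
    """Return (flags_byte, [names]) for a field such as '*****R**'."""
    if len(field) != 8:
        raise ValueError("flag field must be exactly 8 characters")
    value, names = 0, []
    for i, ch in enumerate(field):
        if ch != "*":  # any non-asterisk character marks a set bit
            value |= 0x80 >> i
            names.append(NAMES[i])
    return value, names


def flags_from_line(line):
    """Find and decode the flag field in one decoded packet line, or None."""
    m = FLAG_FIELD.search(line)
    return decode_flag_field(m.group(1)) if m else None


def anomalies(value):
    """Flag combinations that normal TCP stacks do not send."""
    found = []
    if value == 0:
        found.append("no flags set")
    if (value & 0x03) == 0x03:
        found.append("SYN+FIN set together")
    if (value & 0x06) == 0x06:
        found.append("SYN+RST set together")
    return found


# The packet line quoted in the original question, joined onto one line.
PAGE_LINE = ("10.0.0.1 -> 10.0.0.2 TCP TTL:127 TOS:0x0 ID:41350 IpLen:20 "
             "DgmLen:40 *****R** Seq: 0x6D08BBFF Ack: 0x6D08BBFF Win: 0x0 TcpLen: 20")

if __name__ == "__main__":
    value, names = flags_from_line(PAGE_LINE)
    print(f"0x{value:02X}", names, anomalies(value))
```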