[Snort-devel] tcp window detection

Federico Barbieri fede at ...1683...
Wed Jun 11 03:36:18 EDT 2003

hi guys, I'm a newbie here so plese forgive me if the question looks 
stupid to you...

I found this article

and was curious of investigating the issue. I have snort 2.0.0 (Build 
72) running on my gateway home. It's a beauty! But I'm having troubles 
trying to add a rule to detect tcp window syn packets. What would be the 
rule option to use?
Can anyone help me out?


If we knew what it was we were doing, it would not be called research, 
would it?

More information about the Snort-devel mailing list