[Snort-devel] orig_tcph in Packet structure

Steven Sturges steve.sturges at ...402...
Fri Nov 19 18:31:10 EST 2010


That is correct.

It is used for logging purposes as well as in portscan detection
correlating original packets to ICMP responses of the port
unreachable variety.

On 11/19/2010 11:04 AM, snort user wrote:
> Hello all,
> 
> The Packet structure has a member - orig_tcph - which in my
> understanding is only used when a tcp header is embedded inside an
> ICMP header.
> 
> Is there any other reason/use for this?
> 
> 
> Thanks
> 
> 



