[Snort-devel] Unified Logging (PKT_STREAM_TWH & PKT_FROM_CLIENT)
chrisgrangerx at ...2499...
Tue Feb 21 09:39:48 EST 2012
Hi Snort Dev,
Regarding Unified logging & Packet Flags, can you answer this question,
If the Packet Flags bit 0x00000020 is set (referenced below from decode.h)
#define PKT_STREAM_TWH 0x00000020 /* packet completes the 3-way handshake */
#define PKT_FROM_CLIENT 0x00000080 /* this packet came from the client */
should flag 0x00000080 always also be set?
Based on log sampling I've done, this seems to be the case -- i.e.
while 0x00000080 may be set alone, whenever 0x00000020 is set,
0x00000080 is also