[Snort-sigs] Help with TCP

Brett.Gillett at ...772...
Thu Aug 29 07:32:03 EDT 2002


Hey everyone,

Just wondering if anyone could shed some light on this packet we captured
using Snort. We captured it using a custom signature,

[**] [1:0:0] XXXXXXXXXXXXXXXXXXXXX [**]
08/29-10:12:15.108174 SSS.SSS.SSS.80:18245 -> DDD.DDD.DDD.1:21536
TCP TTL:119 TOS:0x0 ID:30214 IpLen:20 DgmLen:269 DF
*2UA*R** Seq: 0x2F656E2F  Ack: 0x73637269  Win: 0x732F  TcpLen: 28  UrgPtr: 0x7269
TCP Options (1) => Opt 112 (40): 732E 6A73 2048 5454 502F 312E 310D 0A41
6363 6570 743A 202A 2F2A 0D0A 5265 6665 7265 723A 2068 7474

I am interested in understanding the TCP options section and the TCP flags
that have been set. Also, has anyone else seen anything destined to port
21536? I can't seem to find out what this port is.

Lastly, even if anyone has a link to a good resource to explain this I
would appreciate it.

Thanks,

Brett
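
Added example (not part of the original post): one way to triage an alert like the one above is to re-serialize the header fields Snort printed and read them as ASCII. Here the ports, sequence/ack numbers, flags, window, urgent pointer and option bytes are all printable text that spells out the start of an HTTP request, which suggests the bytes Snort decoded as a TCP header were really HTTP payload. Assumptions: the low nibble of the data-offset byte is zero, the checksum (not shown in the alert) is rendered as "??", and the option kind and length bytes sit directly before the option data.

```python
import struct

# Field values copied from the Snort alert in the post above.
ALERT = {
    "sport": 18245, "dport": 21536,
    "seq": 0x2F656E2F, "ack": 0x73637269,
    "tcplen": 28,             # header length in bytes (data offset * 4)
    "flags": "*2UA*R**",      # Snort prints the flags byte as 1 2 U A P R S F
    "win": 0x732F, "urp": 0x7269,
    "opt_kind": 112, "opt_len": 40,
    "opt_data": "732E 6A73 2048 5454 502F 312E 310D 0A41 "
                "6363 6570 743A 202A 2F2A 0D0A 5265 6665 7265 723A 2068 7474",
}


def flags_byte(snort_flags):
    """Convert Snort's 8-character flag string into the TCP flags byte."""
    return sum(1 << (7 - i) for i, c in enumerate(snort_flags) if c != "*")


def printable(raw):
    """Render bytes as text, showing non-printable bytes as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def header_as_text(a):
    """Rebuild the header bytes in wire order and show them as ASCII."""
    # Ports, seq, ack, data-offset byte (assumed low nibble 0), flags, window.
    fixed = struct.pack("!HHIIBBH", a["sport"], a["dport"], a["seq"], a["ack"],
                        (a["tcplen"] // 4) << 4, flags_byte(a["flags"]),
                        a["win"])
    urgent = struct.pack("!H", a["urp"])
    # Assumption: kind and length bytes immediately precede the option data.
    options = bytes([a["opt_kind"], a["opt_len"]]) + bytes.fromhex(a["opt_data"])
    # The alert does not print the checksum, so its two bytes are shown as "??".
    return printable(fixed) + "??" + printable(urgent) + printable(options)


if __name__ == "__main__":
    print(header_as_text(ALERT))
```
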




