[Snort-sigs] Ginwin improvments?

Joe Stewart jstewart at ...5...
Fri May 26 06:39:14 EDT 2006

On Friday 26 May 2006 09:14, Ureleet Ureleet wrote:
> I didn't used "established" in the flow because according to the
> pcap, no session is established, would need further research to
> determine.

The session is established, I only included the packets with actual 
content in the pcap.


Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/

More information about the Snort-sigs mailing list