[Snort-users] TCP flags

David Hondel dhondel at ...3841...
Tue Oct 16 12:58:14 EDT 2001


This is probably an easy one, but I can't seem to find it....

When running snort (with -dev), there are 8 asterisks for flags (one is a
letter, to denote the presence of a flag, I presume).

Are these spelled out anywhere?

example:

10/16-10:23:46.905044 0A:BC:DE:F0:AB:CD -> CD:EF:0A:BC:DE:F0 type:0x800 len:0x3c
10.0.0.1 -> 10.0.0.2 TCP TTL:127 TOS:0x0 ID:41350 IpLen:20 DgmLen:40
*****R**  Seq: 0x6D08BBFF  Ack: 0x6D08BBFF  Win: 0x0  TcpLen: 20


Thanks,

David 



