[Snort-users] TCP flags

David Hondel dhondel at ...3841...
Tue Oct 16 12:58:14 EDT 2001

This is probably an easy one, but I can't seem to find it....

When running snort (with -dev), there are 8 asterisks for flags (one is a
letter, to denote the presence of a flag, I presume).

Are these spelled out anywhere?


10/16-10:23:46.905044 0A:BC:DE:F0:AB:CD -> CD:EF:0A:BC:DE:F0 type:0x800
len:0x3c -> TCP TTL:127 TOS:0x0 ID:41350 IpLen:20 Dg
*****R**  Seq: 0x6D08BBFF  Ack: 0x6D08BBFF  Win: 0x0  TcpLen: 20


