[Snort-users] TCP flags
dhondel at ...3841...
Tue Oct 16 12:58:14 EDT 2001
This is probably an easy one, but I can't seem to find it....
When running snort (with -dev), there are 8 asterisks for flags (one is a
letter, to denote the presence of a flag, I presume).
Are these spelled out anywhere?
10/16-10:23:46.905044 0A:BC:DE:F0:AB:CD -> CD:EF:0A:BC:DE:F0 type:0x800
10.0.0.1 -> 10.0.0.2 TCP TTL:127 TOS:0x0 ID:41350 IpLen:20 Dg
*****R** Seq: 0x6D08BBFF Ack: 0x6D08BBFF Win: 0x0 TcpLen: 20
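
An added example, not part of the original post and not Snort's own code: a small decoder for the 8-character flag column in the dump quoted above. It assumes the eight positions follow the TCP header flags byte from high bit to low bit (two reserved bits, then URG, ACK, PSH, RST, SYN, FIN); the function and constant names are hypothetical.

```python
import re

# Assumption: the column mirrors the TCP flags byte, most significant bit first.
# The two leading positions are the reserved bits (later reused for ECN);
# their labels here are hypothetical names, not Snort identifiers.
FLAG_POSITIONS = [
    ("RES_HI", 0x80),
    ("RES_LO", 0x40),
    ("URG", 0x20),
    ("ACK", 0x10),
    ("PSH", 0x08),
    ("RST", 0x04),
    ("SYN", 0x02),
    ("FIN", 0x01),
]

# Matches the TCP summary line: flag column, then Seq/Ack/Win in hex.
TCP_LINE = re.compile(
    r"^(?P<flags>[*A-Z0-9]{8})\s+Seq:\s*(?P<seq>0x[0-9A-Fa-f]+)\s+"
    r"Ack:\s*(?P<ack>0x[0-9A-Fa-f]+)\s+Win:\s*(?P<win>0x[0-9A-Fa-f]+)"
)

def decode_flags(field):
    """Return (flag names, bitmask) for an 8-character flag column."""
    if len(field) != 8:
        raise ValueError("flag column must be exactly 8 characters")
    names, mask = [], 0
    for ch, (name, bit) in zip(field, FLAG_POSITIONS):
        if ch != "*":  # an asterisk means the bit is clear
            names.append(name)
            mask |= bit
    return names, mask

def parse_tcp_line(line):
    """Parse one TCP summary line; return None if it does not match."""
    m = TCP_LINE.match(line.strip())
    if m is None:
        return None
    names, mask = decode_flags(m.group("flags"))
    return {"flags": names, "mask": mask,
            "seq": int(m.group("seq"), 16),
            "ack": int(m.group("ack"), 16),
            "win": int(m.group("win"), 16)}

# The TCP line from the post above.
SAMPLE = "*****R** Seq: 0x6D08BBFF Ack: 0x6D08BBFF Win: 0x0 TcpLen: 20"

if __name__ == "__main__":
    print(parse_tcp_line(SAMPLE))
```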